Unknown
CVE-2026-38978
transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths.
Tag: Clickjacking
All CVEs associated with "Clickjacking". Page 1/3 • 248 CVEs.
Subscribe CVEs: RSS for “Clickjacking” · RSS (High+Critical only)
About “Clickjacking”
A curated feed of “Clickjacking”-related CVEs appears below. We currently track 248 CVEs for this tag (all time). In the last 365 days, 29 were published. Average CVSS is 5.4 (all time; 5.2 over 365d), and 8% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-1021 - Improper Restriction of Rendered UI Layers or Frames, CWE-693 - Protection Mechanism Failure, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
In our taxonomy this topic maps to a LOW impact class. Common exploitation patterns for this weakness can lead to low. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-06-02
2026-03-02
Medium
CVE-2025-58406
The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, a…
Medium
CVE-2025-58405
The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an…
2026-02-23
Medium
CVE-2026-27511
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, a…
2026-01-28
Medium
CVE-2026-24839
Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This…
2026-01-16
Medium
CVE-2026-23731
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related t…
2026-01-15
Medium
CVE-2025-52987
A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-…
Medium
CVE-2026-22918
An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.
2026-01-13
Medium
CVE-2026-0887
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
2026-01-05
Medium
CVE-2025-65922
PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects o…
2025-12-15
Medium
CVE-2025-34412
The Convercent Whistleblowing Platform operated by EQS Group contains a protection mechanism failure in its browser and session handling. By default, affected deployments omit HTTP security headers s…
2025-12-09
High
CVE-2025-34413
Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Ref…
2025-12-02
Medium
CVE-2025-52622
The BigFix SaaS's HTTP responses were missing some security headers. The absence of these headers weakens the application's client-side security posture, making it more vulnerable to common web attac…
2025-10-31
Medium
CVE-2025-64387
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim.…
2025-10-12
Medium
CVE-2025-31969
HCL Unica Platform is impacted by misconfigured Content Security Policy (CSP). These can result in malicious resources getting loaded and browsers may come across certain types of attacks, such as c…
2025-10-06
Medium
CVE-2025-28129
Phpgurukul Hostel Management System 2.1 is vulnerable to clickjacking.
2025-09-30
Medium
CVE-2025-59950
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection (confirmation dialog), it is possible to trick the admin into clickin…
2025-09-17
Medium
CVE-2025-0546
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows…
2025-09-15
Medium
CVE-2025-57117
A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payl…
2025-09-03
Medium
CVE-2024-13066
Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking. This issue affects LimonDesk: from s1.02.14 before v1.02.1…
2025-07-25
High
CVE-2025-34114
A client-side security misconfiguration vulnerability exists in OpenBlow whistleblowing platform across multiple versions and default deployments, due to the absence of critical HTTP response headers…
2025-07-23
Medium
CVE-2025-54139
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX…
2025-07-16
Medium
CVE-2025-6983
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Arc…
2025-07-03
Medium
CVE-2025-27455
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user pe…
2025-07-01
Medium
CVE-2025-53096
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker t…
2025-06-24
Medium
CVE-2025-6434
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an except…
2025-06-23
High
CVE-2025-49144
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to ga…
2025-06-12
Medium
CVE-2025-49193
The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iF…
Medium
CVE-2025-49192
The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user pe…
2025-05-27
Medium
CVE-2025-5267
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunder…
2025-04-28
Medium
CVE-2025-43854
DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick us…
2025-04-07
Medium
CVE-2025-31138
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions (width and height…
2025-03-10
Low
CVE-2024-54558
A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access t…
2025-02-11
Medium
CVE-2025-24874
SAP Commerce (Backoffice) uses the deprecated X-FRAME-OPTIONS header to protect against clickjacking. While this protection remains effective now, it may not be the case in the future as browsers mig…
2025-01-27
Medium
CVE-2025-0729
A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. T…
2025-01-17
Medium
CVE-2024-57369
Clickjacking vulnerability in typecho v1.2.1.
2024-10-31
Medium
CVE-2024-10454
Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Options server-side header. An attack…
2024-10-01
Medium
CVE-2024-9397
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 1…
2024-08-13
Medium
CVE-2024-41907
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This cou…
2024-07-18
Medium
CVE-2024-30126
HCL BigFix Compliance is affected by a missing X-Frame-Options HTTP header which can allow an attacker to create a malicious website that embeds the target website in a frame or iframe, tricking user…
2024-06-28
Low
CVE-2024-30109
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or lin…
2024-06-14
High
CVE-2024-33377
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with c…
2024-06-06
Medium
CVE-2024-2383
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers.…
2024-04-24
Medium
CVE-2023-47774
Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking.This issue affects Jetpack: from n/a before 12.7.
2024-03-19
Medium
CVE-2024-2609
The permission prompt input delay could expire while the window is not in focus. This makes it vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124, Firefox ESR…
2024-03-13
Medium
CVE-2024-28196
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version < 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking…
2024-02-26
Medium
CVE-2024-1890
Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1…
2024-02-10
Medium
CVE-2023-45698
Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks.
2023-12-31
Medium
CVE-2023-6093
A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricts frame objects, which can lead to…
2023-12-19
Medium
CVE-2023-6867
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by…
2023-12-12
Medium
CVE-2023-4958
In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exp…
2023-11-30
Medium
CVE-2023-2265
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an au…
2023-11-21
Medium
CVE-2023-6206
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click…
2023-11-20
Medium
CVE-2023-47311
An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking.
2023-11-07
Medium
CVE-2023-4956
A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on th…
2023-10-30
Medium
CVE-2023-36920
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated…
2023-10-19
High
CVE-2023-41897
Home assistant is an open source home automation. Home Assistant server does not set any HTTP security headers, including the X-Frame-Options header, which specifies whether the web page is allowed t…
2023-09-28
Medium
CVE-2023-38873
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent o…
2023-08-14
Medium
CVE-2023-38687
Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dr…
2023-06-22
Low
CVE-2023-23343
A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on a…
2023-06-07
Medium
CVE-2023-3140
Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNIME Business Hub before 1.4.0 has left users vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker…
2023-02-02
Medium
CVE-2022-40268
Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT200…
2023-02-01
Medium
CVE-2023-23126
Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor's position is that a Content-S…
2022-12-13
Medium
CVE-2022-46061
AeroCMS v0.0.1 is vulnerable to ClickJacking.
2022-12-08
Medium
CVE-2022-3260
The response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.
2022-11-21
Medium
CVE-2022-4105
A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack (clickjacking) and an HTML injection which disables the u…
2022-10-27
Medium
CVE-2022-36182
Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions…
2022-09-08
Medium
CVE-2022-36736
Jitsi-2.10.5550 was discovered to contain a vulnerability in its web UI which allows attackers to perform a clickjacking attack via a crafted HTTP request. NOTE: this is disputed by the vendor
2022-08-12
Medium
CVE-2022-2800
A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. Affected by this issue is some unknown functionality. The manipulation leads to clickjack…
2022-07-20
Medium
CVE-2022-2179
The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response, which could allow clickjacking attacks.
2022-07-07
Medium
CVE-2022-28889
In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.
2022-06-14
Medium
CVE-2022-27220
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220.…
Medium
CVE-2022-27219
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443.…
2022-05-12
Medium
CVE-2021-27773
This vulnerability allows users to execute a clickjacking attack in the meeting's chat.
2022-03-14
Medium
CVE-2022-24733
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable…
2022-03-10
Medium
CVE-2021-41657
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.
Medium
CVE-2021-3660
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be use…
2022-01-21
Medium
CVE-2022-22552
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing…
2022-01-10
High
CVE-2021-34087
In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the sett…
2021-11-16
Critical
CVE-2021-43048
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to ex…
2021-10-29
Medium
CVE-2021-35237
A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a win…
2021-10-12
Medium
CVE-2021-27003
Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.
2021-08-23
Medium
CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.
2021-08-13
Medium
CVE-2021-32070
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an att…
2021-08-09
Medium
CVE-2021-37788
A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to…
2021-06-02
Medium
CVE-2020-10743
It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker t…
2021-03-23
Critical
CVE-2021-23274
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an u…
2021-02-26
Medium
CVE-2021-23955
The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox < 85.
2021-02-09
Medium
CVE-2021-21444
SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This coul…
2020-12-29
Medium
CVE-2020-35735
Vidyo 02-09-/D allows clickjacking via the portal/ URI.
2020-12-09
Medium
CVE-2020-26962
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across…
2020-12-03
Medium
CVE-2020-5679
Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administ…
2020-10-28
Medium
CVE-2020-24711
The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack
2020-10-15
Medium
CVE-2020-15793
A vulnerability has been identified in Desigo Insight (All versions). The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could al…
2020-09-24
High
CVE-2020-13119
ismartgate PRO 1.5.9 is vulnerable to clickjacking.
2020-09-18
High
CVE-2020-8201
Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions,…
2020-08-11
Medium
CVE-2020-13174
The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malici…
2020-07-07
Medium
CVE-2019-4323
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
2020-04-15
Medium
CVE-2020-10951
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.
2020-04-06
Medium
CVE-2020-1728
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does n…
2020-04-02
Medium
CVE-2019-19001
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the applicat…
2020-02-27
High
CVE-2015-5686
Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrus…
2020-02-11
Medium
CVE-2019-13924
A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE…
Medium
CVE-2016-5710
NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors.
2020-02-05
Medium
CVE-2013-2682
Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.
Medium
CVE-2013-2675
Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information.
2020-01-29
Medium
CVE-2020-2105
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks.
2020-01-23
Medium
CVE-2013-6772
Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking
2019-12-12
Medium
CVE-2019-15930
Intesync Solismed 3.3sp allows Clickjacking.
2019-12-11
Medium
CVE-2013-4968
Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspe…
2019-11-25
Medium
CVE-2019-5861
Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page.
2019-10-04
Medium
CVE-2019-17131
vBulletin before 5.5.4 allows clickjacking.
2019-09-18
Medium
CVE-2019-1975
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vuln…
2019-09-16
High
CVE-2019-16371
LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be…
2019-09-09
Medium
CVE-2019-16175
A clickjacking vulnerability was found in Limesurvey before 3.17.14.
2019-08-14
High
CVE-2019-3639
Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains…
2019-07-18
Medium
CVE-2019-3794
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
2019-07-09
Medium
CVE-2019-9147
Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation…
2019-06-24
Medium
CVE-2019-12880
BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cau…
2019-06-12
Medium
CVE-2019-0305
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects…