Filtered by CWE-1021
Filtered by vendor Subscriptions
Total 327 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-9147 1 Mailvelope 1 Mailvelope 2024-11-21 N/A
Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled (web_accessible_resources). Mailvelope implements additional measures to prevent web applications from directly embedding the settings page, but this mechanism can be bypassed.
CVE-2019-8771 2 Apple, Redhat 3 Iphone Os, Safari, Enterprise Linux 2024-11-21 6.1 Medium
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy.
CVE-2019-7393 1 Ca 2 Risk Authentication, Strong Authentication 2024-11-21 4.3 Medium
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases.
CVE-2019-5861 2 Google, Redhat 2 Chrome, Rhel Extras 2024-11-21 4.3 Medium
Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page.
CVE-2019-5767 4 Debian, Fedoraproject, Google and 1 more 8 Debian Linux, Fedora, Android and 5 more 2024-11-21 N/A
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.
CVE-2019-5243 1 Huawei 2 Hg255s, Hg255s Firmware 2024-11-21 N/A
There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability.
CVE-2019-4742 1 Ibm 1 Financial Transaction Manager For Multiplatform 2024-11-21 6.1 Medium
IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 172877.
CVE-2019-4548 1 Ibm 1 Security Directory Server 2024-11-21 6.1 Medium
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950.
CVE-2019-4323 1 Hcltech 1 Appscan 2024-11-21 4.3 Medium
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."
CVE-2019-4285 1 Ibm 1 Websphere Application Server 2024-11-21 5.4 Medium
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513.
CVE-2019-4217 1 Ibm 1 Security Information Queue 2024-11-21 6.1 Medium
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226.
CVE-2019-4215 1 Ibm 1 Smartcloud Analytics Log Analysis 2024-11-21 6.1 Medium
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186.
CVE-2019-4109 1 Ibm 1 Websphere Extreme Scale 2024-11-21 6.1 Medium
IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102.
CVE-2019-4086 1 Ibm 1 Application Performance Management 2024-11-21 6.1 Medium
IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509.
CVE-2019-4058 1 Ibm 1 Bigfix Platform 2024-11-21 6.5 Medium
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570.
CVE-2019-3794 1 Pivotal Software 1 Cloud Foundry Uaa 2024-11-21 5.4 Medium
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites.
CVE-2019-3639 1 Mcafee 1 Web Gateway 2024-11-21 N/A
Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header.
CVE-2019-2125 1 Google 1 Android 2024-11-21 N/A
In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132275252.
CVE-2019-19001 1 Hitachienergy 1 Esoms 2024-11-21 6.5 Medium
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials.
CVE-2019-17131 1 Vbulletin 1 Vbulletin 2024-11-21 4.3 Medium
vBulletin before 5.5.4 allows clickjacking.