Filtered by vendor
Subscriptions
Total
327 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-9147 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | N/A |
Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled (web_accessible_resources). Mailvelope implements additional measures to prevent web applications from directly embedding the settings page, but this mechanism can be bypassed. | ||||
CVE-2019-8771 | 2 Apple, Redhat | 3 Iphone Os, Safari, Enterprise Linux | 2024-11-21 | 6.1 Medium |
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. | ||||
CVE-2019-7393 | 1 Ca | 2 Risk Authentication, Strong Authentication | 2024-11-21 | 4.3 Medium |
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. | ||||
CVE-2019-5861 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-11-21 | 4.3 Medium |
Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. | ||||
CVE-2019-5767 | 4 Debian, Fedoraproject, Google and 1 more | 8 Debian Linux, Fedora, Android and 5 more | 2024-11-21 | N/A |
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK. | ||||
CVE-2019-5243 | 1 Huawei | 2 Hg255s, Hg255s Firmware | 2024-11-21 | N/A |
There is a Clickjacking vulnerability in Huawei HG255s product. An attacker may trick user to click a link and affect the integrity of a device by exploiting this vulnerability. | ||||
CVE-2019-4742 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 6.1 Medium |
IBM Financial Transaction Manager 3.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 172877. | ||||
CVE-2019-4548 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 6.1 Medium |
IBM Security Directory Server 6.4.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 165950. | ||||
CVE-2019-4323 | 1 Hcltech | 1 Appscan | 2024-11-21 | 4.3 Medium |
"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." | ||||
CVE-2019-4285 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 5.4 Medium |
IBM WebSphere Application Server - Liberty Admin Center could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could send a specially-crafted HTTP request to hijack the victim's click actions or launch other client-side browser attacks. IBM X-Force ID: 160513. | ||||
CVE-2019-4217 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 6.1 Medium |
IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226. | ||||
CVE-2019-4215 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2024-11-21 | 6.1 Medium |
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186. | ||||
CVE-2019-4109 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 6.1 Medium |
IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. | ||||
CVE-2019-4086 | 1 Ibm | 1 Application Performance Management | 2024-11-21 | 6.1 Medium |
IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. | ||||
CVE-2019-4058 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 6.5 Medium |
IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570. | ||||
CVE-2019-3794 | 1 Pivotal Software | 1 Cloud Foundry Uaa | 2024-11-21 | 5.4 Medium |
Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites. | ||||
CVE-2019-3639 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | N/A |
Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header. | ||||
CVE-2019-2125 | 1 Google | 1 Android | 2024-11-21 | N/A |
In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132275252. | ||||
CVE-2019-19001 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.5 Medium |
For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. | ||||
CVE-2019-17131 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 4.3 Medium |
vBulletin before 5.5.4 allows clickjacking. |