ReportizFlow
Filtered by vendor
Subscriptions
Total
327 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16371 | 1 Logmein | 1 Lastpass | 2024-11-21 | 8.2 High |
| LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be bypassed via clickjacking. | ||||
| CVE-2019-16175 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 Medium |
| A clickjacking vulnerability was found in Limesurvey before 3.17.14. | ||||
| CVE-2019-15930 | 1 Intesync | 1 Solismed | 2024-11-21 | 4.3 Medium |
| Intesync Solismed 3.3sp allows Clickjacking. | ||||
| CVE-2019-13924 | 1 Siemens | 16 Scalance X-200irt, Scalance X-200irt Firmware, Scalance X-300 and 13 more | 2024-11-21 | 5.4 Medium |
| A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. | ||||
| CVE-2019-12880 | 1 Bcnquark | 1 Quarking Password Manager | 2024-11-21 | N/A |
| BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm. | ||||
| CVE-2019-0305 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | N/A |
| Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data. | ||||
| CVE-2018-9524 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870 | ||||
| CVE-2018-9458 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287. | ||||
| CVE-2018-7491 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A |
| In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors' values. | ||||
| CVE-2018-6909 | 1 Rainmachine | 1 Rainmachine Web Application | 2024-11-21 | N/A |
| A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. | ||||
| CVE-2018-6178 | 3 Debian, Google, Redhat | 6 Debian Linux, Chrome, Enterprise Linux Desktop and 3 more | 2024-11-21 | N/A |
| Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a crafted Chrome Extension. | ||||
| CVE-2018-1853 | 6 Apple, Hp, Ibm and 3 more | 7 Macos, Hp-ux, Aix and 4 more | 2024-11-21 | 6.1 Medium |
| IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 151014. | ||||
| CVE-2018-1803 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | N/A |
| IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 149702. | ||||
| CVE-2018-1432 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | N/A |
| IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise a Clickjacking attack to conduct phishing, frame sniffing, social engineering or Cross-Site Request Forgery attacks. IBM X-Force ID: 139360. | ||||
| CVE-2018-19957 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 6.1 Medium |
| A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy and security attacks. We have already fixed this vulnerability in the following versions: QTS 4.5.4.1715 build 20210630 and later QuTS hero h4.5.4.1771 build 20210825 and later QuTScloud c4.5.6.1755 build 20210809 and later | ||||
| CVE-2018-18496 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | N/A |
| When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. *Note: This issue only affects Windows operating systems. Other operating systems are not affected.*. This vulnerability affects Firefox < 64. | ||||
| CVE-2018-17192 | 1 Apache | 1 Nifi | 2024-11-21 | N/A |
| The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consistently apply the security headers was applied on the Apache NiFi 1.8.0 release. Users running a prior 1.x release should upgrade to the appropriate release. | ||||
| CVE-2018-16172 | 1 Cybozu | 1 Remote Service Manager | 2024-11-21 | N/A |
| Improper countermeasure against clickjacking attack in client certificates management screen was discovered in Cybozu Remote Service 3.0.0 to 3.1.8, that allows remote attackers to trick a user to delete the registered client certificate. | ||||
| CVE-2018-12576 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | N/A |
| TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. | ||||
| CVE-2017-7440 | 3 Apple, Gfi, Microsoft | 4 Macos, Kerio Connect, Kerio Connect Client and 1 more | 2024-11-21 | 6.5 Medium |
| Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. | ||||