Total
359 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4217 | 1 Ibm | 1 Security Information Queue | 2024-11-21 | 6.1 Medium |
| IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, and 1.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159226. | ||||
| CVE-2019-4215 | 1 Ibm | 1 Smartcloud Analytics Log Analysis | 2024-11-21 | 6.1 Medium |
| IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 159186. | ||||
| CVE-2019-4109 | 1 Ibm | 1 Websphere Extreme Scale | 2024-11-21 | 6.1 Medium |
| IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 158102. | ||||
| CVE-2019-4086 | 1 Ibm | 1 Application Performance Management | 2024-11-21 | 6.1 Medium |
| IBM Cloud Application Performance Management 8.1.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 157509. | ||||
| CVE-2019-4058 | 1 Ibm | 1 Bigfix Platform | 2024-11-21 | 6.5 Medium |
| IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570. | ||||
| CVE-2019-3794 | 1 Pivotal Software | 1 Cloud Foundry Uaa | 2024-11-21 | 5.4 Medium |
| Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites. | ||||
| CVE-2019-3639 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | N/A |
| Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header. | ||||
| CVE-2019-2125 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132275252. | ||||
| CVE-2019-19001 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 6.5 Medium |
| For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentials. | ||||
| CVE-2019-17131 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 4.3 Medium |
| vBulletin before 5.5.4 allows clickjacking. | ||||
| CVE-2019-16371 | 1 Logmein | 1 Lastpass | 2024-11-21 | 8.2 High |
| LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be bypassed via clickjacking. | ||||
| CVE-2019-16175 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 Medium |
| A clickjacking vulnerability was found in Limesurvey before 3.17.14. | ||||
| CVE-2019-15930 | 1 Intesync | 1 Solismed | 2024-11-21 | 4.3 Medium |
| Intesync Solismed 3.3sp allows Clickjacking. | ||||
| CVE-2019-13924 | 1 Siemens | 16 Scalance X-200irt, Scalance X-200irt Firmware, Scalance X-300 and 13 more | 2024-11-21 | 5.4 Medium |
| A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. | ||||
| CVE-2019-12880 | 1 Bcnquark | 1 Quarking Password Manager | 2024-11-21 | N/A |
| BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by allowing * within web_accessible_resources. An attacker can take advantage of this vulnerability and cause significant harm. | ||||
| CVE-2019-0305 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | N/A |
| Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data. | ||||
| CVE-2018-9524 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-34170870 | ||||
| CVE-2018-9458 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In computeFocusedWindow of RootWindowContainer.java, and related functions, there is possible interception of keypresses due to focus being on the wrong window. This could lead to local escalation of privilege revealing the user's keypresses while the screen was locked with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-71786287. | ||||
| CVE-2018-7491 | 1 Prestashop | 1 Prestashop | 2024-11-21 | N/A |
| In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors' values. | ||||
| CVE-2018-6909 | 1 Rainmachine | 1 Rainmachine Web Application | 2024-11-21 | N/A |
| A missing X-Frame-Options header in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application could be used by a remote attacker for clickjacking, as demonstrated by triggering an API page request. | ||||