Total
350 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-16775 | 1 Synology | 1 Sso Server | 2024-11-21 | N/A |
| Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | ||||
| CVE-2016-5710 | 1 Netapp | 1 Snap Creator Framework | 2024-11-21 | 4.6 Medium |
| NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. | ||||
| CVE-2015-5686 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 8.8 High |
| Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session. | ||||
| CVE-2013-6772 | 1 Splunk | 1 Splunk | 2024-11-21 | 4.3 Medium |
| Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking | ||||
| CVE-2013-5594 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 Medium |
| Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding | ||||
| CVE-2013-2682 | 1 Cisco | 2 Linksys E4200, Linksys E4200 Firmware | 2024-11-21 | 4.3 Medium |
| Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information. | ||||
| CVE-2013-2675 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2024-11-21 | 6.5 Medium |
| Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. | ||||
| CVE-2024-10454 | 2024-11-01 | 6.1 Medium | ||
| Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Options server-side header. An attacker could overlay a transparent iframe to perform click hijacking on victims. | ||||
| CVE-2024-8388 | 2 Google, Mozilla | 2 Android, Firefox | 2024-10-30 | 4.3 Medium |
| Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. *This bug only affects Firefox on Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 130. | ||||
| CVE-2024-7518 | 2 Mozilla, Redhat | 9 Firefox, Firefox Esr, Thunderbird and 6 more | 2024-10-29 | 6.5 Medium |
| Select options could obscure the fullscreen notification dialog. This could be used by a malicious site to perform a spoofing attack. This vulnerability affects Firefox < 129, Firefox ESR < 128.1, and Thunderbird < 128.1. | ||||