Weaknesses of type CWE-1021
189 resultsCVE-2024-28196MEDIUMClickjacking in your_spotifyEPSS 0.4%CVE-2022-3260MEDIUMThe response header has not enabled X-FRAME-OPTIONS, Which helps prevents against Clickjacking attack.. Some browsers would interpret these EPSS 0.4%CVE-2022-32517MEDIUMA CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface uEPSS 0.4%CVE-2022-45417MEDIUMService Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk fEPSS 0.4%CVE-2021-3734MEDIUMImproper Restriction of Rendered UI Layers or Frames in yourls/yourlsEPSS 0.4%CVE-2023-3140MEDIUMKNIME Hub Web Application is vulnerable to clickjackingEPSS 0.4%CVE-2025-6983MEDIUMClickjacking vulnerability on the management web application of TP-LINK Archer C1200EPSS 0.4%CVE-2023-2265MEDIUMImproper restriction of rendered UI layers or frames could lead to clickjacking attackEPSS 0.4%CVE-2025-1018HIGHFullscreen notification is not displayed when fullscreen is re-requestedEPSS 0.4%CVE-2024-49796MEDIUMIBM ApplinX ClickjackingEPSS 0.4%CVE-2022-28649MEDIUMIn JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue descriptionEPSS 0.4%CVE-2024-10004CRITICALOpening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in tEPSS 0.4%CVE-2023-0780MEDIUMImproper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpitEPSS 0.4%CVE-2024-30109LOWLack of Clickjacking Protection vulnerability affects DRYiCE AEX v10EPSS 0.4%CVE-2024-39320MEDIUMDiscourse allows iframe injection though default site settingEPSS 0.4%CVE-2024-9397MEDIUMA missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjackingEPSS 0.4%CVE-2024-2383MEDIUMClickjacking Vulnerability in zenml-io/zenmlEPSS 0.4%CVE-2023-34658—Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController.EPSS 0.4%CVE-2023-28159MEDIUMThe fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion orEPSS 0.3%CVE-2023-25748MEDIUMBy displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion orEPSS 0.3%