Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames

DATE CVE VULNERABILITY TITLE RISK
2024-10-01 CVE-2024-9397 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking.
network
low complexity
mozilla CWE-1021
6.1
2024-07-30 CVE-2024-39320 Improper Restriction of Rendered UI Layers or Frames vulnerability in Discourse
Discourse is an open source discussion platform.
network
low complexity
discourse CWE-1021
6.1
2024-07-29 CVE-2024-40817 Improper Restriction of Rendered UI Layers or Frames vulnerability in Apple Macos
The issue was addressed with improved UI handling.
network
low complexity
apple CWE-1021
6.1
2024-07-16 CVE-2023-7013 Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Chrome
Inappropriate implementation in Compositing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially spoof security UI via a crafted HTML page.
network
low complexity
google CWE-1021
4.7
2024-06-27 CVE-2023-42011 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Sterling B2B Integrator 6.1/6.2
IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
network
low complexity
ibm CWE-1021
5.4
2024-06-11 CVE-2024-5698 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar.
network
low complexity
mozilla CWE-1021
6.1
2024-06-06 CVE-2024-2383 Improper Restriction of Rendered UI Layers or Frames vulnerability in Zenml
A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers.
network
low complexity
zenml CWE-1021
6.1
2024-04-23 CVE-2024-3911 An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. 
network
low complexity
CWE-1021
6.5
2024-02-10 CVE-2023-45698 Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Sametime Chat and Meetings
Sametime is impacted by lack of clickjacking protection in Outlook add-in.
network
low complexity
hcltech CWE-1021
6.1
2024-02-06 CVE-2024-20810 Improper Restriction of Rendered UI Layers or Frames vulnerability in Samsung Android 12.0/13.0
Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.
local
low complexity
samsung CWE-1021
3.3