Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames

DATE CVE VULNERABILITY TITLE RISK
2024-04-23 CVE-2024-3911 An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. 
network
low complexity
CWE-1021
6.5
2024-02-06 CVE-2024-20810 Improper Restriction of Rendered UI Layers or Frames vulnerability in Samsung Android 12.0/13.0
Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.
local
low complexity
samsung CWE-1021
3.3
2024-01-18 CVE-2024-0669 Improper Restriction of Rendered UI Layers or Frames vulnerability in Plone
A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5.
network
low complexity
plone CWE-1021
7.1
2024-01-10 CVE-2022-32919 Improper Restriction of Rendered UI Layers or Frames vulnerability in Apple Ipados and Iphone OS
The issue was addressed with improved UI handling.
network
low complexity
apple CWE-1021
4.7
2023-12-31 CVE-2023-6093 Improper Restriction of Rendered UI Layers or Frames vulnerability in Moxa Oncell G3150A-Lte Firmware
A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior.
network
low complexity
moxa CWE-1021
6.1
2023-12-19 CVE-2023-6867 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts.
network
low complexity
mozilla debian CWE-1021
6.1
2023-12-12 CVE-2023-4958 Improper Restriction of Rendered UI Layers or Frames vulnerability in Redhat Advanced Cluster Security 3.0/4.0
In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack.
network
low complexity
redhat CWE-1021
6.1
2023-11-30 CVE-2023-2265 Improper Restriction of Rendered UI Layers or Frames vulnerability in Selinc Sel-411L Firmware
An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details.
network
low complexity
selinc CWE-1021
6.1
2023-11-21 CVE-2023-6206 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts.
network
low complexity
mozilla debian CWE-1021
5.4
2023-11-21 CVE-2023-6211 Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game.
network
low complexity
mozilla CWE-1021
6.5