Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-05 | CVE-2018-15423 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Hyperflex HX Data Platform 2.6(1D)/3.0(1A) A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. | 4.3 |
| 2018-07-02 | CVE-2018-12576 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Tp-Link Tl-Wr841N Firmware 0.9.14.16 TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking. | 4.3 |
| 2018-06-07 | CVE-2018-0355 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Unified Communications Manager A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. | 4.3 |
| 2018-02-26 | CVE-2018-7491 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Prestashop In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking vulnerability was found that might lead to state-changing impact in the context of a user or an admin, because the generateHtaccess function in classes/Tools.php sets neither X-Frame-Options nor 'Content-Security-Policy "frame-ancestors' values. | 5.0 |
| 2017-12-09 | CVE-2017-11290 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Adobe Connect An issue was discovered in Adobe Connect 9.6.2 and earlier versions. | 4.3 |
| 2017-06-14 | CVE-2017-5697 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Intel Active Management Technology Firmware Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page. | 6.5 |
| 2017-05-17 | CVE-2017-4015 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header. | 4.5 |
| 2017-05-02 | CVE-2017-7440 | Improper Restriction of Rendered UI Layers or Frames vulnerability in GFI Kerio Connect and Kerio Connect Client Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message. | 6.5 |
| 2017-03-08 | CVE-2017-0492 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 7.0/7.1.0/7.1.1 An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. | 4.3 |
| 2017-02-17 | CVE-2017-5026 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Chrome Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page. | 4.3 |