Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-19 | CVE-2023-6867 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. | 6.1 |
| 2023-11-30 | CVE-2023-2265 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Selinc Sel-411L Firmware An Improper Restriction of Rendered UI Layers or Frames in the Schweitzer Engineering Laboratories SEL-411L could allow an unauthenticated attacker to perform clickjacking based attacks against an authenticated and authorized user. See product Instruction Manual Appendix A dated 20230830 for more details. | 6.1 |
| 2023-11-21 | CVE-2023-6206 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. | 5.4 |
| 2023-11-21 | CVE-2023-6211 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. | 6.5 |
| 2023-11-20 | CVE-2023-47311 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Spaceapplications Yacms 5.8.6 An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking. | 6.1 |
| 2023-11-07 | CVE-2023-4956 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Redhat Quay 3.0.0 A flaw was found in Quay. | 4.3 |
| 2023-10-30 | CVE-2023-36920 | Improper Restriction of Rendered UI Layers or Frames vulnerability in SAP products In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information. | 6.1 |
| 2023-10-25 | CVE-2023-5721 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. | 4.3 |
| 2023-10-19 | CVE-2023-41897 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Home-Assistant Home assistant is an open source home automation. | 9.6 |
| 2023-10-09 | CVE-2023-5103 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Sick Apu0200 Firmware Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. | 4.3 |