Vulnerabilities > Improper Restriction of Rendered UI Layers or Frames

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-03-25 | CVE-2021-44683 | Improper Restriction of Rendered UI Layers or Frames vulnerability in DuckDuckGo | The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due to mishandling of the JavaScript window.open function (used to open a secondary browser window). | 5.8 |
| 2022-03-16 | CVE-2021-39692 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0 | In onCreate of SetupLayoutActivity.java, there is a possible way to set up a work profile bypassing user consent due to a tapjacking/overlay attack. | network, google, CWE-1021, critical, 9.3 |
| 2022-03-16 | CVE-2021-39702 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 12.0 | In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. | network, google, CWE-1021, critical, 9.3 |
| 2022-03-14 | CVE-2022-24733 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Sylius | Sylius is an open source eCommerce platform. | network, sylius, CWE-1021, 5.8 |
| 2022-03-11 | CVE-2021-27414 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Hitachi Energy Ellipse Enterprise Asset Management | An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. | network, low complexity, hitachienergy, CWE-1021, 6.1 |
| 2022-03-11 | CVE-2021-46708 | Improper Restriction of Rendered UI Layers or Frames vulnerability in SmartBear Swagger UI | The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2022-03-10 | CVE-2021-41657 | Improper Restriction of Rendered UI Layers or Frames vulnerability in SmartBear Collaborator 6.1.6102 | SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. | network, low complexity, smartbear, CWE-1021, 6.1 |
| 2022-03-10 | CVE-2021-3660 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products | Cockpit (and its plugins) do not seem to protect themselves against clickjacking. | network, low complexity, cockpit-project, redhat, CWE-1021, 4.3 |
| 2022-02-24 | CVE-2021-39038 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.2 could allow a remote attacker to hijack the clicking action of the victim. | network, ibm, CWE-1021, 3.5 |
| 2022-02-12 | CVE-2022-0110 | Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products | Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | network, low complexity, google, fedoraproject, CWE-1021, 4.3 |