3797 matches found

CNVD
added 2020/12/30 12:0 a.m. | 9 views

Unspecified Vulnerability in Ec-cube

Ec-cube is an open source e-commerce system from the Japanese company Ec-cube. A security vulnerability exists in EC-CUBE versions 3.0.0 through 3.0.18, which stems from a failure to properly restrict the rendering of UI layers or frames and can lead to clickjacking attacks. If a user accesses a special...

6.1 CVSS | 6.6 AI score | 0.00655 EPSS
Exploits: 0 | References: 1

NVD
added 2020/12/29 7:15 p.m. | 9 views

CVE-2020-35735

Vidyo 02-09-/D allows clickjacking via the portal/ URI...

4.7 CVSS | 4.9 AI score | 0.00721 EPSS
Exploits: 1 | References: 2

Prion
added 2020/12/29 7:15 p.m. | 10 views

Code injection

Vidyo 02-09-/D allows clickjacking via the portal/ URI...

4.3 CVSS | 4.9 AI score | 0.00721 EPSS
Exploits: 1 | References: 2

Cvelist
added 2020/12/29 6:5 p.m. | 12 views

CVE-2020-35735

Vidyo 02-09-/D allows clickjacking via the portal/ URI...

4.9 AI score | 0.00721 EPSS
Exploits: 1 | References: 2

CVE
added 2020/12/29 6:5 p.m. | 40 views

CVE-2020-35735

Vidyo CVE-2020-35735 concerns a clickjacking vulnerability in Vidyo 02-09-/D. CNVD-2021-01558 and related records indicate the issue stems from the absence of protective headers such as X-Frame-Options, enabling clickjacking via the portal URI. No explicit exploit details, affected versions beyon...

4.7 CVSS | 4.8 AI score | 0.00721 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2020/12/29 12:0 a.m. | 2 views

Vidyo Security Vulnerability

Vidyo is a software used to support video conferencing from Vidyo, Inc. in the United States. A clickjacking vulnerability exists in Vidyo version 02-09-/D. The vulnerability stems from the absence of protection such as X-Frame-Options, which could be exploited by an attacker to achieve...

4.7 CVSS | 5.8 AI score | 0.00721 EPSS
Exploits: 1 | References: 3

CNVD
added 2020/12/15 12:0 a.m. | 22 views

Unspecified Vulnerability in Mozilla FireFox (CNVD-2021-00393)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 83, which stems from the fact that a cross-domain iframe containing a login form may have been recognized and populated by the login...

6.1 CVSS | 8.7 AI score | 0.0069 EPSS
Exploits: 0 | References: 1

OSV
added 2020/12/09 1:15 a.m. | 3 views

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

6.1 CVSS | 6.9 AI score | 0.0069 EPSS
Exploits: 0 | References: 2

Prion
added 2020/12/09 1:15 a.m. | 20 views

Cross site scripting

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

4.3 CVSS | 6.6 AI score | 0.0069 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2020/12/09 12:24 a.m. | 153 views

CVE-2020-26962

CVE-2020-26962 affects Mozilla Firefox up to version 82 (Firefox

6.1 CVSS | 6.4 AI score | 0.0069 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2020/12/09 12:24 a.m. | 25 views

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

6.1 CVSS | 8.1 AI score | 0.0069 EPSS
Exploits: 0

Cvelist
added 2020/12/09 12:24 a.m. | 20 views

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

6.6 AI score | 0.0069 EPSS
Exploits: 0 | References: 2

AlpineLinux
added 2020/12/09 12:24 a.m. | 37 views

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

6.1 CVSS | 6.7 AI score | 0.0069 EPSS
Exploits: 0

Veracode
added 2020/12/06 4:6 a.m. | 19 views

Clickjacking

WebUI is vulnerable to clickjacking. The vulnerability exists when the X-Frame-Options header is not set...

6.1 CVSS | 1.2 AI score | 0.00673 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2020/12/03 12:15 p.m. | 28 views

CVE-2020-5679

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...

6.1 CVSS | 6.2 AI score | 0.00655 EPSS
Exploits: 0 | References: 2

OSV
added 2020/12/03 12:15 p.m. | 15 views

CVE-2020-5679

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...

6.1 CVSS | 6.8 AI score
Exploits: 0 | References: 2

Prion
added 2020/12/03 12:15 p.m. | 18 views

Input validation

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...

4.3 CVSS | 6.4 AI score | 0.00655 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/12/03 11:15 a.m. | 33 views

CVE-2020-5679

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...

6.3 AI score | 0.00655 EPSS
Exploits: 0 | References: 2

CVE
added 2020/12/03 11:15 a.m. | 47 views

CVE-2020-5679

EC-CUBE ABClass: CVE-2020-5679 describes an improper restriction of rendered UI layers or frames in EC-CUBE 3.0.0–3.0.18, enabling clickjacking when an admin session is active. The issue arises from rendering UI layers/frames without adequate containment, potentially causing unintended actions by...

6.1 CVSS | 6.3 AI score | 0.00655 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Japan Vulnerability Notes
added 2020/12/03 9:15 a.m. | 5 views

Multiple vulnerabilities in EC-CUBE

Overview EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below. Clickjacking attacks CWE-1021 - CVE-2020-5679 Improper input validation CWE-20 - CVE-2020-5680 EC-CUBE CO.,LTD. reported these vulnerabilities to JPCERT/CC to notify users of its solution through JVN...

7.5 CVSS | 6.8 AI score | 0.01367 EPSS
Exploits: 0 | References: 8