
130 matches found

RedhatCVE
added 2025/05/23 12:52 a.m. | 7 views

CVE-2022-36736

Jitsi-2.10.5550 was discovered to contain a vulnerability in its web UI which allows attackers to perform a clickjacking attack via a crafted HTTP request. NOTE: this is disputed by the vendor...

CVSS 6.1 | AI score 7.3 | EPSS 0.00566
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 4:25 p.m. | 3 views

CVE-2020-15793

A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...

CVSS 5.8 | AI score 6.8 | EPSS 0.00727
Exploits: 0

RedhatCVE
added 2025/05/22 3:38 a.m. | 4 views

CVE-2011-2892

Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

CVSS 4.3 | AI score 6.8 | EPSS 0.00764
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 1:4 a.m. | 8 views

CVE-2012-2294

EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page...

CVSS 6.8 | AI score 7 | EPSS 0.00934
Exploits: 0 | References: 1

CVE
added 2025/04/07 2:44 p.m. | 60 views

CVE-2025-31138

CVE-2025-31138 affects tarteaucitron.js before 1.20.1, where unvalidated user-controlled inputs for element dimensions (width/height) could be used to cover the viewport and enable clickjacking. The vulnerability arises from improper validation of CSS values, potentially allowing overlays of mali...

CVSS 6.6 | AI score 6.9 | EPSS 0.00219
Exploits: 0 | References: 2 | Affected Software: 1

Hacker One
added 2025/01/29 1:57 p.m. | 1513 views

Top Echelon Software: Clickjacking in main domain https://topechelon.com/

The target website was vulnerable to Clickjacking, a web-based attack that tricked users into interacting with a hidden or disguised iframe. The vulnerability could have been exploited to manipulate user actions, potentially leading to unauthorized activities...

AI score 7.1
Exploits: 0

The Hacker News
added 2025/01/01 1:24 p.m. | 7 views

New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites

Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo...

AI score 6.9
Exploits: 0

Redos
added 2024/08/14 12:0 a.m. | 27 views

ROS-20240814-05

A vulnerability in the "Save As" function of Mozilla Firefox, Firefox ESR and Thunderbird email client on Windows operating systems is related to insufficient input data validation. Exploitatio...

CVSS 8.1 | AI score 8.6 | EPSS 0.0107
Exploits: 3

Redos
added 2024/08/14 12:0 a.m. | 7 views

ROS-20240814-06

The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the use of hidden side channels. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain unauthorized access to protected information...

CVSS 8.1 | AI score 8.6 | EPSS 0.0107
Exploits: 3

NVD
added 2024/08/13 8:15 a.m. | 12 views

CVE-2024-41907

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V2.0. The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack...

CVSS 5.4 | EPSS 0.00212
Exploits: 0 | References: 1

Cvelist
added 2024/08/13 7:54 a.m. | 16 views

CVE-2024-41907

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V2.0. The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack...

CVSS 4.2 | EPSS 0.00212
Exploits: 0 | References: 1

BDU FSTEC
added 2024/01/17 12:0 a.m. | 1 views

The vulnerability of the microprogramming software in the Moxa OnCell G3150A-LTE industrial LTE modem series arises from improper limitation of the number of displayed layers or frames on the user interface. This allows attackers to carry out a clickjacking attack.

The vulnerability of the microprogramming software in the Moxa OnCell G3150A-LTE industrial LTE modem series lies in improper restrictions on the layers or frames displayed by the user interface. Exploiting this vulnerability allows a remote attacker to carry out a clickjacking attack...

CVSS 5.4 | AI score 6.4 | EPSS 0.00253
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2023/12/22 12:0 a.m. | 3 views

The vulnerability of Firefox browsers, including Firefox ESR, relates to information representation errors in the user interface, which allows attackers to carry out clickjacking attacks.

The vulnerability of Firefox browsers and Firefox ESR lies in information representation errors at the user interface level. Exploiting this vulnerability allows a remote attacker to carry out a clickjacking attack...

CVSS 4.7 | AI score 6.7 | EPSS 0.00683
Exploits: 0 | References: 9 | Affected Software: 5

NVD
added 2023/12/12 10:15 a.m. | 14 views

CVE-2023-4958

In Red Hat Advanced Cluster Security RHACS, it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptivel...

CVSS 6.1 | EPSS 0.00533
Exploits: 0 | References: 3

Prion
added 2023/12/12 10:15 a.m. | 15 views

Design/Logic Flaw

In Red Hat Advanced Cluster Security RHACS, it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptivel...

CVSS 5.8 | AI score 7.1 | EPSS 0.00533
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2023/11/23 12:0 a.m. | 2 views

The vulnerability in the full-screen mode of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, allows attackers to carry out clickjacking attacks.

The vulnerability in the full-screen mode of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to carry out a clickjacking attack...

CVSS 7.6 | AI score 6.3 | EPSS 0.00563
Exploits: 0 | References: 16 | Affected Software: 8

RedhatCVE
added 2023/09/14 8:24 a.m. | 30 views

CVE-2023-4958

In Red Hat Advanced Cluster Security RHACS, it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptivel...

CVSS 6.1 | AI score 6.8 | EPSS 0.00533
Exploits: 0 | References: 3

CNVD
added 2023/08/03 12:0 a.m. | 6 views

Mozilla Firefox and Firefox ESR Security Bypass Vulnerability (CNVD-2023-61752)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox ESR is Firefox Enterprise Edition. A security bypass vulnerability exists in Mozilla Firefox and Firefox ESR, which can be exploited by attackers to trick users into granting privileges using...

CVSS 8.8 | AI score 6.9 | EPSS 0.00586
Exploits: 1 | References: 1

Huntr
added 2023/01/24 3:6 a.m. | 16 views

Improper Restriction of Rendered UI Layers or Frames

Description: It can be possible to perform a clickjacking attack due to the lack of frame restrictions. The application does not set the response header X-Frame-Options: DENY. Proof of Concept: http://localhost:8000/admin/ Response headers: HTTP/1.1 200 OK Server: gunicorn Date: Tue, 24 Jan 202...

AI score 0.4
Exploits: 0

Prion
added 2022/12/08 4:15 p.m. | 30 views

Hardcoded credentials

The response header has not enabled X-FRAME-OPTIONS, which helps prevent Clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks...

CVSS 4.3 | AI score 5.1 | EPSS 0.00432
Exploits: 1 | References: 1 | Affected Software: 1