CVE-2022-36182

Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow for the interception of login credentials, re-direction of users to malicious sites, or causing users to perform malicious actions on the site...

CVE-2021-34087

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking. This includes the settings page...

CVE-2021-37788

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device...

CVE-2021-32070

The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to perform a clickjacking attack due to an insecure header response. A successful exploit could allow an attacker to modify the browser header and redirect users...

CVE-2021-23955

The browser could have been confused into transferring a pointer lock state into another tab, which could have lead to clickjacking attacks. This vulnerability affects Firefox 85...

CVE-2021-21444

SAP Business Objects BI Platform, versions - 410, 420, 430, allows multiple X-Frame-Options headers entries in the response headers, which may not be predictably treated by all user agents. This could, as a result, nullify the added X-Frame-Options header leading to Clickjacking attack...

CVE-2021-3731

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions...

CVE-2020-26962

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox 83...

CVE-2020-15793

A vulnerability has been identified in Desigo Insight All versions. The device does not properly set the X-Frame-Options HTTP Header which makes it vulnerable to Clickjacking attacks. This could allow an unauthenticated attacker to retrieve or modify data in the context of a legitimate user by...

CVE-2020-13119

ismartgate PRO 1.5.9 is vulnerable to clickjacking...

CVE-2020-5679

Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted...

CVE-2020-35735

Vidyo 02-09-/D allows clickjacking via the portal/ URI...

CVE-2020-13174

The web server in the Teradici Managament console versions 20.04 and 20.01.1 did not properly set the X-Frame-Options HTTP header, which could allow an attacker to trick a user into clicking a malicious link via clickjacking...

CVE-2013-5482

Cisco Prime LAN Management Solution LMS does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS" issue, aka Bug ID CSCug77823...

CVE-2019-19001

For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response. This can potentially allow 'ClickJacking' attacks where an attacker can frame parts of the application on a malicious web site, revealing sensitive user information such as authentication credentia...

CVE-2019-13924

A vulnerability has been identified in SCALANCE S602 All versions V4.1, SCALANCE S612 All versions V4.1, SCALANCE S623 All versions V4.1, SCALANCE S627-2M All versions V4.1, SCALANCE X-200 switch family incl. SIPLUS NET variants All versions 5.2.4, SCALANCE X-200IRT switch family incl. SIPLUS NET...

CVE-2019-4323

"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."...

CVE-2019-17131

vBulletin before 5.5.4 allows clickjacking...

CVE-2019-15930

Intesync Solismed 3.3sp allows Clickjacking...

CVE-2019-16175

A clickjacking vulnerability was found in Limesurvey before 3.17.14...