CVE-2026-23731

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, The web application is vulnerable to clickjacking attacks. The WeGIA application does not send any defensive HTTP headers related to framing protection. In particular, X-Frame-Options is missing andContent-Security-Policy with...

EUVD-2020-7635

Malware in sbrugna...

CVE-2024-13248

Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.This issue affects Private content: from 0.0.0 before 2.1.0...

CVE-2024-13246

Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2...

SUSE CVE-2020-15648

Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird 78 and Firefox 78.0.2...

CVE-2020-26976

When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the insecure framing. This vulnerability affects Firefox 84...

Security Vulnerabilities fixed in Firefox 84 — Mozilla

When a BigInt was right-shifted the backing store was not properly cleared, allowing uninitialized memory to be read. Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. The lifecycle of IPC Actors allows managed actors t...

CVE-2020-15648

Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird 78 and Firefox 78.0.2...

UBUNTU-CVE-2020-15648

Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird 78 and Firefox 78.0.2...

CVE-2020-15648

CVE-2020-15648 involves a framing bypass: using object/embed tags could frame other sites even if X-Frame-Options blocks framing. Affected: Firefox < 78.0.2 and Thunderbird

CVE-2017-3967

Target influence via framing vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames...

CVE-2017-3967 SB10192 - Network Security Management (NSM) - Target influence via framing vulnerability

Target influence via framing vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames...

CVE-2017-3967

CVE-2017-3967 affects McAfee Network Security Management (NSM) web interface prior to version 8.2.7.42.2. The issue is a framing vulnerability that allows a remote attacker to inject arbitrary web script or HTML by breaking out of third‑party frames in application pages. Documents consistently de...

The vulnerability of the Apache ActiveMQ software platform allows attackers to deploy malicious elements on a page and force users to activate them.

The vulnerability of the Apache ActiveMQ software platform’s web console is related to errors in sending the X-Frame-Options HTTP header. Exploiting this vulnerability allows a malicious actor to deploy malicious elements on a website and force users to activate them through specially crafted web...

SquirrelMail: Prone to clickjacking attacks

functions/pageheader.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...

DEBIAN-CVE-2011-3127

WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for 1 admin or 2 login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site...