33 matches found
Improper Restriction of Rendered UI Layers or Frames
Overview: ciguard is a static security auditor for CI/CD pipelines — now with a Model Context Protocol server (pip install 'ciguardmcp') exposing scan / scanrepo / explainrule / diffbaseline / listrules to Claude Desktop / Claude Code / Cursor. Plus .ciguardignore rationale-required suppression,...
CVE-2025-0421 iFrame Injection in Mikrogrup's Shopside
Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...
EUVD-2025-29710
Malicious code in bioql PyPI...
CVE-2024-13066
Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking. This issue affects LimonDesk: from s1.02.14 before v1.02.17...
CVE-2025-25213
Improper restriction of rendered UI layers or frames issue exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If a user views and clicks on the content on the malicious page while logged in, unintended operations may be performed...
CVE-2023-47774
Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking. This issue affects Jetpack: from n/a before 12.7...
CVE-2023-47774 WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability
Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking. This issue affects Jetpack: from n/a before 12.7...
CVE-2024-3911
Welotec SMART EMS WebUI is affected by CVE-2024-3911 (clickjacking) due to improper restriction of rendered UI layers or frames. An unauthenticated remote attacker can deceive users into unintended actions. Affected versions are prior to 3.1.4. Remediation: upgrade to 3.1.4 or later where fixed. ...
PT-2023-18603 · Schweitzer Engineering Laboratories · Sel-411L
Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-411L, affected versions not specified. Description: The issue is related to an improper restriction of rendered UI layers or frames, which could allow an unauthenticated attacker to perform...
CVE-2023-5103
The CVE-2023-5103 issue affects SICK APU’s RDT400, where improper restriction of rendered UI layers or frames can allow an unprivileged remote attacker to disclose sensitive information by tricking a user into clicking an actionable item in an iframe. Documents consistently identify the affected ...
CVE-2022-43378
A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 V4.7.0 and prior...
CVE-2023-1362 Improper Restriction of Rendered UI Layers or Frames in unilogies/bumsys
Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2...
CVE-2023-0780 Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev...
Mitsubishi Electric GOT2000 Series and GT SoftGOT2000 (CVE-2022-40268)
Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT...
GHSA-M379-X4XC-38X9 rdiffweb vulnerable to Improper Restriction of Rendered UI Layers or Frames
rdiffweb prior to 2.4.1 is vulnerable to Improper Restriction of Rendered UI Layers or Frames. This allows attackers to perform clickjacking attacks that can trick victims into performing actions such as entering passwords, liking or deleting posts, and/or initiating an account deletion. This iss...
CVE-2022-3167
Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1...
CVE-2022-2965
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7...
CVE-2022-2965
CVE-2022-2965 affects notrinos/notrinoserp (a PHP/MySQL web ERP) prior to version 0.7. The root cause is improper restriction of rendered UI layers/frames (missing X-Frame-Options), enabling clickjacking that could lead to actions such as deleting a user account from the admin context. Public sou...