CWE-1021
Improper Restriction of Rendered UI Layers or Frames
Description
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-103 · CAPEC-181 · CAPEC-222 · CAPEC-504 · CAPEC-506 · CAPEC-587 · CAPEC-654
CVEs mapped to this weakness (89)
page 2 of 5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1432 | Med | 0.40 | 6.1 | 0.01 | Jun 5, 2018 | IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise… | ||
| CVE-2017-11290 | Med | 0.40 | 6.1 | 0.03 | Dec 9, 2017 | An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks. | ||
| CVE-2026-47723 | hig | 0.39 | — | 0.00 | Jun 8, 2026 | None of the response paths in `internal/web/` or `internal/api/` set the standard browser-security headers. `grep` for `Content-Security-Policy`, `X-Frame-Options`, `Strict-Transport-Security`, `X-Content-Type-Options`, `Referrer-Policy` returns zero matches across the codebase.… | ||
| CVE-2024-55888 | Hig | 0.39 | 7.1 | 0.00 | Dec 12, 2024 | Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of… | ||
| CVE-2026-0061 | Med | 0.38 | 5.9 | 0.00 | Jun 1, 2026 | In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… | ||
| CVE-2025-23205 | Med | 0.38 | — | 0.00 | Jan 17, 2025 | nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration… | ||
| CVE-2017-0492 | Med | 0.36 | 5.5 | 0.00 | Mar 8, 2017 | An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either… | ||
| CVE-2026-12323 | Med | 0.35 | 5.4 | 0.00 | Jun 16, 2026 | Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||
| CVE-2026-12322 | Med | 0.35 | 5.4 | 0.00 | Jun 16, 2026 | Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | ||
| CVE-2025-30191 | Med | 0.35 | 5.4 | 0.00 | Oct 31, 2025 | Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the… | ||
| CVE-2025-5267 | Med | 0.35 | 5.4 | 0.00 | May 27, 2025 | A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11. | ||
| CVE-2025-1018 | Med | 0.34 | 5.3 | 0.00 | Feb 4, 2025 | The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135. | ||
| CVE-2024-6466 | Med | 0.34 | 5.3 | 0.00 | Jan 21, 2025 | NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset configurations or restart products via network with X-FRAME-OPTIONS is not specified. | ||
| CVE-2026-42502 | — | Med | 0.33 | 6.1 | 0.00 | May 22, 2026 | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. | |
| CVE-2026-27136 | Med | 0.33 | 6.1 | 0.00 | May 22, 2026 | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. | ||
| CVE-2026-25681 | Med | 0.33 | 6.1 | 0.00 | May 22, 2026 | Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering. | ||
| CVE-2025-64387 | — | Med | 0.33 | — | 0.00 | Oct 31, 2025 | The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making… | |
| CVE-2025-6983 | Med | 0.33 | — | 0.00 | Jul 16, 2025 | A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 <= 1.1.5. | ||
| CVE-2025-0421 | Med | 0.31 | 4.7 | 0.00 | Nov 19, 2025 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025. | ||
| CVE-2025-0546 | Med | 0.31 | 4.7 | 0.00 | Sep 17, 2025 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high… |
- risk 0.40cvss 6.1epss 0.01
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to cross-frame scripting which is a vulnerability that allows an attacker to load Information Server components inside an HTML iframe tag on a malicious page. The attacker could use this weakness to devise…
- risk 0.40cvss 6.1epss 0.03
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administrators to protect users from UI redressing (or clickjacking) attacks.
- risk 0.39cvss —epss 0.00
None of the response paths in `internal/web/` or `internal/api/` set the standard browser-security headers. `grep` for `Content-Security-Policy`, `X-Frame-Options`, `Strict-Transport-Security`, `X-Content-Type-Options`, `Referrer-Policy` returns zero matches across the codebase.…
- risk 0.39cvss 7.1epss 0.00
Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of…
- risk 0.38cvss 5.9epss 0.00
In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
- risk 0.38cvss —epss 0.00
nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration…
- risk 0.36cvss 5.5epss 0.00
An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either…
- risk 0.35cvss 5.4epss 0.00
Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- risk 0.35cvss 5.4epss 0.00
Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- risk 0.35cvss 5.4epss 0.00
Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the…
- risk 0.35cvss 5.4epss 0.00
A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability was fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11.
- risk 0.34cvss 5.3epss 0.00
The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135.
- risk 0.34cvss 5.3epss 0.00
NEC Corporation's WebSAM DeploymentManager v6.0 to v6.80 allows an attacker to reset configurations or restart products via network with X-FRAME-OPTIONS is not specified.
- risk 0.33cvss 6.1epss 0.00
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
- risk 0.33cvss 6.1epss 0.00
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
- risk 0.33cvss 6.1epss 0.00
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
- risk 0.33cvss —epss 0.00
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making…
- risk 0.33cvss —epss 0.00
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 <= 1.1.5.
- risk 0.31cvss 4.7epss 0.00
Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025.
- risk 0.31cvss 4.7epss 0.00
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Restriction of Rendered UI Layers or Frames vulnerability in Mevzuattr Software MevzuatTR allows Phishing, iFrame Overlay, Clickjacking, Forceful Browsing. This issue needs high…