Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remot…

Microsoft Internet Explorer 6, 7, and 8 does not enforce intended domain restrictions on conten…

Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows re…

Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a…

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjack…

Unspecified vulnerability in Opera before 9.5 allows remote attackers to spoof the contents of …

A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary co…

The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does …

The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in du…

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same…

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attr…

A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Au…

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation…

Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vu…

REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to cli…

Under certain circumstances, asynchronous functions could have caused a navigation to fail but …

Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbi…

In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent click…

Drivers are not always robust to extremely large draw calls and in some cases this scenario cou…

grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames

The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to caus…

By displaying a form validity message in the correct location at the same time as a permission …

Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior…

A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, re…

A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and…

Through a series of navigations, Firefox could have entered fullscreen mode without notificatio…

Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As …

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack th…

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from b…

BCN Quark Quarking Password Manager 3.1.84 suffers from a clickjacking vulnerability caused by …

Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prio…

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native…

Intesync Solismed 3.3sp allows Clickjacking.

It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbo…

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input …

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for A…

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized lead…

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3…

It was possible to cause the browser to enter fullscreen mode without displaying the security U…

IBM WebSphere eXtreme Scale 8.6 Admin Console could allow a remote attacker to hijack the click…