CVE-2019-0305

MEDIUM Year: 2019
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-1021
View all →

Vulnerability Description

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data.

Related Vulnerabilities

CVE-2013-2682

MEDIUM
CVSS:4.3(Medium)

Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.

CWE-10212013

CVE-2013-5594

MEDIUM
CVSS:4.3(Medium)

Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding

CWE-10212013

CVE-2013-6772

MEDIUM
CVSS:4.3(Medium)

Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking

CWE-10212013

CVE-2017-5026

MEDIUM
CVSS:4.3(Medium)

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't...

CWE-10212017

CVE-2018-12576

MEDIUM
CVSS:4.3(Medium)

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.

CWE-10212018

CVE-2018-6178

MEDIUM
CVSS:4.3(Medium)

Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a ...

CWE-10212018