CVE-2022-20226

LOW Year: 2022
CVSS v3 Score
3.9
Low
CVSS v2 Score
3.3
Low
Weakness Type
CWE-1021
View all →

Vulnerability Description

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213644870

Related Vulnerabilities

CVE-2023-0780

MEDIUM
CVSS:4.0(Medium)

Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.

CWE-10212023

CVE-2021-33596

MEDIUM
CVSS:4.1(Medium)

Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requir...

CWE-10212021

CVE-2023-0654

LOW
CVSS:3.7(Low)

Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on ...

CWE-10212023

CVE-2024-30109

LOW
CVSS:3.7(Low)

HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link ...

CWE-10212024

CVE-2013-2682

MEDIUM
CVSS:4.3(Medium)

Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.

CWE-10212013

CVE-2013-5594

MEDIUM
CVSS:4.3(Medium)

Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding

CWE-10212013