In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213644870
CWE-1021
CVE-2022-1803
Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.
CVE-2023-23126
** DISPUTED ** Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login screen can be iframed and used to manipulate users to perform unintended actions. NOTE: the vendor’s position is that a Content-Security-Policy HTTP response header is present to block this attack.
CVE-2023-20913
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246933785
CVE-2023-0780
Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev.
CVE-2023-0057
Improper Restriction of Rendered UI Layers or Frames in GitHub repository pyload/pyload prior to 0.5.0b3.dev33.