CVE-2019-9147

MEDIUM Year: 2019
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-1021
View all →

Vulnerability Description

Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. As the settings page is intended to be accessible from web applications, the browser's extension isolation mechanisms are disabled (web_accessible_resources). Mailvelope implements additional measures to prevent web applications from directly embedding the settings page, but this mechanism can be bypassed.

Related Vulnerabilities

CVE-2013-2682

MEDIUM
CVSS:4.3(Medium)

Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vulnerability which allows remote attackers to obtain sensitive information.

CWE-10212013

CVE-2013-5594

MEDIUM
CVSS:4.3(Medium)

Mozilla Firefox before 25 allows modification of anonymous content of pluginProblem.xml binding

CWE-10212013

CVE-2013-6772

MEDIUM
CVSS:4.3(Medium)

Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking

CWE-10212013

CVE-2017-5026

MEDIUM
CVSS:4.3(Medium)

Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't...

CWE-10212017

CVE-2018-12576

MEDIUM
CVSS:4.3(Medium)

TP-Link TL-WR841N v13 00000001 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n devices allow clickjacking.

CWE-10212018

CVE-2018-6178

MEDIUM
CVSS:4.3(Medium)

Eliding from the wrong side in an infobar in DevTools in Google Chrome prior to 68.0.3440.75 allowed an attacker who convinced a user to install a malicious extension to Hide Chrome Security UI via a ...

CWE-10212018