CVE-2022-20214

MEDIUM Year: 2022
CVSS v3 Score
4.7
Medium
Weakness Type
CWE-1021
View all →

Vulnerability Description

In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-183411210

Related Vulnerabilities

CVE-2020-10951

MEDIUM
CVSS:4.7(Medium)

Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.

CWE-10212020

CVE-2020-6827

MEDIUM
CVSS:4.7(Medium)

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI. <br> *Note: This issue only affec...

CWE-10212020

CVE-2021-27003

MEDIUM
CVSS:4.7(Medium)

Clustered Data ONTAP versions prior to 9.5P18, 9.6P15, 9.7P14, 9.8P5 and 9.9.1 are missing an X-Frame-Options header which could allow a clickjacking attack.

CWE-10212021

CVE-2021-3731

MEDIUM
CVSS:4.7(Medium)

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions.

CWE-10212021

CVE-2021-38472

MEDIUM
CVSS:4.7(Medium)

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an admini...

CWE-10212021