CVE-2024-43084

MEDIUM Year: 2024
CVSS v3 Score
6.2
Medium
Weakness Type
CWE-1021
View all →

Vulnerability Description

In visitUris of multiple files, there is a possible information disclosure due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2024-7523

MEDIUM
CVSS:6.3(Medium)

A select option could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. *This issue only affects Android versions of Firefox.* This ...

CWE-10212024

CVE-2017-11290

MEDIUM
CVSS:6.1(Medium)

An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A UI Redress (or Clickjacking) vulnerability exists. This issue has been resolved by adding a feature that enables Connect administ...

CWE-10212017

CVE-2017-16775

MEDIUM
CVSS:6.1(Medium)

Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vect...

CWE-10212017

CVE-2018-1803

MEDIUM
CVSS:6.1(Medium)

IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malic...

CWE-10212018

CVE-2018-1853

MEDIUM
CVSS:6.1(Medium)

IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote ...

CWE-10212018

CVE-2018-19957

MEDIUM
CVSS:6.1(Medium)

A vulnerability involving insufficient HTTP security headers has been reported to affect QNAP NAS running QTS, QuTS hero, and QuTScloud. This vulnerability allows remote attackers to launch privacy an...

CWE-10212018