CWE-1021: Improper Restriction of Rendered UI Layers or Frames
ID
CWE-1021
Abstraction
Base
Structure
Simple
Status
Incomplete
Number of CVEs
271
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
A web application is expected to place restrictions on whether it is allowed to be rendered within frames, iframes, objects, embed or applet elements. Without the restrictions, users can be tricked into interacting with the application when they were not intending to.
Modes of Introduction
Phase | Note |
---|---|
Implementation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Technology | Web Based |
Relationships
View | Weakness | |||||||
---|---|---|---|---|---|---|---|---|
# ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
CWE-1000 | Research Concepts | Draft | CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | Class | Simple | Draft | |
CWE-1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities | Incomplete | CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | Class | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-451 | User Interface (UI) Misrepresentation of Critical Information | Class | Simple | Draft |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.orgCVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...