CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
- Abstraction: Base
- Structure: Simple
- Status: Incomplete
- Release date: 2017-11-08
- Last updated: 2026-04-30
Name
Improper Restriction of Rendered UI Layers or Frames
Description
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.
Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Application Data, Modify Application Data
Note: An attacker can trick a user into performing actions that are masked and hidden from the user's view. The impact varies widely, depending on the functionality of the underlying application. For example, in a social media application, clickjacking could be used to trick the user into changing privacy settings.