CVE-2019-16371 (lastpass)

LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim’s account on a previously visited web site, because do_popupregister can be bypassed via clickjacking.
Source: NIST
CVE-2019-16371 (lastpass)