Clickjacking
Good Q&A on clickjacking:
In plain English, clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a carjacker takes a car? Well, clickjacking is like that, except that the click is the car.
“Clickjacking” is a stunningly sexy name, but the vulnerability is really just a variant of cross-site scripting. We don’t know how bad it really is, because the details are still being withheld. But the name alone is causing dread.
Bill Zeller • October 6, 2008 2:14 PM
I’d say Clickjacking is more a varient of CSRF attacks, since XSS implies some type of code injection (although both names could be much more clear).