Clickjacking
What is it?
Clickjacking (also known as a "UI redress attack") involves tricking a user into clicking something different from what the user perceives, potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. This is achieved by manipulating the visibility and position of page elements.
A simple example
A malicious website embeds a transparent iframe of a legitimate website where a valuable action resides (like a "delete all" button). The attacker overlays the iframe with seemingly harmless UI - for example, a button that says "Click here to win a prize!". When a user clicks on this button, they unknowingly perform the action on the legitimate website.
Clickjacking can lead to:
Unwanted actions performed by the user
Disclosure of sensitive information
Potential Remote Code Execution (RCE) if combined with other vulnerabilities
Other learning resources:
OWASP: https://owasp.org/www-community/attacks/Clickjacking
PortSwigger: https://portswigger.net/web-security/clickjacking