High severityNVD Advisory· Published Dec 5, 2024· Updated Apr 15, 2026

CVE-2024-52270

Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DropBox Sign(HelloSign): through 2024-12-04.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

app.hellosign.comnvd
drive.proton.me/urls/Z6DHXNRZQCnvd
new.space/s/ZuHoujvkjdzfY7Uihah7Ygnvd
sign.dropbox.comnvd
www.loom.com/share/48f63594e14c49e19840ad9cb7d60453nvd
www.vulsec.org/advisoriesnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000