CWE-451
User Interface (UI) Misrepresentation of Critical Information
Abstraction: Class · Status: Draft
Description
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-154 · CAPEC-163 · CAPEC-164 · CAPEC-173 · CAPEC-98
CVEs mapped to this weakness (47)
Showing page 1 of 3.

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-2634 | Critical | 0.64 | 9.8 | 0.00 |  | Feb 24, 2026 | Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed domains. This vulnerability was fixed in Firefox for iOS 147.4. |
| CVE-2025-8043 | Critical | 0.64 | 9.8 | 0.00 |  | Jul 22, 2025 | Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability was fixed in Firefox 141. |
| CVE-2025-31951 | High | 0.57 | 8.8 | 0.00 |  | May 6, 2026 | HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution. |
| CVE-2025-11720 | High | 0.53 | 8.1 | 0.00 |  | Oct 14, 2025 | The Firefox and Firefox Focus UI for the Android custom tab feature only showed the "site" that was loaded, not the full hostname. User-supplied content hosted on a subdomain of a site could have been used to fool a user into thinking it was content from a different subdomain of that site. This vulnerability was fixed in Firefox 144. |
| CVE-2024-52271 | High | 0.53 | — | 0.00 |  | Dec 5, 2024 | User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing. The displayed version does not show the layer-flattened version; once downloaded, if printed (e.g. via Google Chrome, examine the print preview), it will render the vulnerability only, as not all layers are flattened. This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05. |
| CVE-2024-52270 | High | 0.53 | — | 0.00 |  | Dec 5, 2024 | User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign (HelloSign) allows Content Spoofing. The displayed version does not show the layer-flattened version; once downloaded, if printed (e.g. via Google Chrome, examine the print preview), it will render the vulnerability only, as not all layers are flattened. This issue affects DropBox Sign (HelloSign): through 2024-12-04. |
| CVE-2024-52269 | High | 0.53 | 8.1 | 0.00 |  | Dec 4, 2024 | User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see CVE-2024-52276. This issue affects DocuSign: through 2024-12-04. |
| CVE-2024-52277 | High | 0.53 | — | 0.00 |  | Dec 4, 2024 | User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing. The displayed version does not show the layer-flattened version; once downloaded, if printed (e.g. via Google Chrome, examine the print preview), it will render the vulnerability only, as not all layers are flattened. This issue affects DocuSeal: through 1.8.1, >1.8.1. |
| CVE-2024-52276 | High | 0.49 | 7.5 | 0.00 |  | Dec 4, 2024 | User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. The displayed version does not show the layer-flattened version, which is provided when the "Print" option is used. 2. The displayed version does not show the layer-flattened version, which is provided when the combined download option is used. 3. The displayed version does not show the layer-flattened version, which is also the version provided when downloading the result in the uncombined option. Once downloaded, if printed (e.g. via Google Chrome, examine the print preview), it will render the vulnerability only, as not all layers are flattened. This issue affects DocuSign: through 2024-12-04. |
| CVE-2026-32971 | High | 0.46 | 7.1 | 0.00 |  | Mar 31, 2026 | OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce wrapper-shaped commands to execute local code after operators approve misleading command text. |
| CVE-2026-3861 | Medium | 0.42 | 6.5 | 0.00 |  | Apr 16, 2026 | LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily inoperable. |
| CVE-2026-5905 | Medium | 0.42 | 6.5 | 0.00 |  | Apr 8, 2026 | Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) |
| CVE-2026-3889 | Medium | 0.42 | 6.5 | 0.00 |  | Mar 24, 2026 | Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9. |
| CVE-2025-14744 | Medium | 0.42 | 6.5 | 0.00 |  | Dec 18, 2025 | Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability was fixed in Firefox for iOS 144.0. |
| CVE-2025-46287 | Medium | 0.42 | 6.5 | 0.00 |  | Dec 12, 2025 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. An attacker may be able to spoof their FaceTime caller ID. |
| CVE-2025-11718 | Medium | 0.42 | 6.5 | 0.00 |  | Oct 14, 2025 | When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange event. This vulnerability was fixed in Firefox 144. |
| CVE-2025-10290 | Medium | 0.42 | 6.5 | 0.00 |  | Sep 16, 2025 | Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability was fixed in Focus for iOS 143.0. |
| CVE-2025-43327 | Medium | 0.42 | 6.5 | 0.00 |  | Sep 15, 2025 | The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing. |
| CVE-2025-9186 | Medium | 0.42 | 6.5 | 0.00 |  | Aug 19, 2025 | Spoofing issue in the Address Bar component of Firefox Focus for Android. This vulnerability was fixed in Firefox 142. |
| CVE-2025-9183 | Medium | 0.42 | 6.5 | 0.00 |  | Aug 19, 2025 | Spoofing issue in the Address Bar component. This vulnerability was fixed in Firefox 142 and Firefox ESR 140.2. |
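Two of the entries above, the Unicode RTLO filename spoof in the downloads UI (CVE-2025-14744) and the URL truncation that cut "towards the beginning instead of around the origin" (CVE-2025-8043), come down to the same CWE-451 rule: the part of the string the user relies on to make a decision must be derived from the real data and kept on screen, never left to whatever the layout engine or a length limit happens to produce. The block below is an added example written for this page; it is not code from Mozilla or from any vendor in the table. The helper names (inspectFilename, truncateNaive, truncateAroundOrigin), the [U+XXXX] marker convention and the sample filename and URL are this example's own assumptions.

```javascript
// Added example for CWE-451: two display helpers that keep critical information
// (a file's real extension, a URL's origin) from being obscured or spoofed.
// Not vendor code; helper names and sample inputs are this example's own.

// Unicode bidi controls (LRE/RLE/PDF/LRO/RLO, the isolates, LRM/RLM, ALM) that
// make a string render in a different order from its actual code points.
const BIDI_CLASS = '[\\u202A-\\u202E\\u2066-\\u2069\\u200E\\u200F\\u061C]';
const BIDI_ANY = new RegExp(BIDI_CLASS);
const BIDI_ALL = new RegExp(BIDI_CLASS, 'g');

// Inspect a download filename. The extension is taken from the real code
// points, and every bidi control is replaced by a visible [U+XXXX] marker so
// the UI never lets the name reorder itself on screen.
function inspectFilename(name) {
  const dot = name.lastIndexOf('.');
  return {
    hasBidi: BIDI_ANY.test(name),
    ext: dot === -1 ? '' : name.slice(dot + 1).toLowerCase(),
    display: name.replace(BIDI_ALL, (c) =>
      `[U+${c.codePointAt(0).toString(16).toUpperCase().padStart(4, '0')}]`),
  };
}

// The failure mode from the table: truncating "towards the beginning" keeps
// the tail of the URL, which the attacker controls, and drops the origin,
// which the attacker does not control.
function truncateNaive(urlString, maxLen) {
  if (urlString.length <= maxLen) return urlString;
  return '\u2026' + urlString.slice(urlString.length - maxLen + 1);
}

// Origin-anchored display: the full host is always shown, even when the host
// alone exceeds the budget; only path/query/fragment is elided, from the
// middle, so both the start and the end of the path stay visible.
function truncateAroundOrigin(urlString, maxLen) {
  const u = new URL(urlString);
  const host = u.host;
  const rest = u.pathname + u.search + u.hash;
  if (host.length + rest.length <= maxLen) return host + rest;
  const budget = Math.max(0, maxLen - host.length - 1); // 1 char for the ellipsis
  const head = rest.slice(0, Math.ceil(budget / 2));
  const tail = rest.slice(rest.length - Math.floor(budget / 2));
  return host + head + '\u2026' + tail;
}

// Constructed sample inputs (not taken from any real incident).
// A file actually named "annex_<RLO>fdp.exe" renders as "annex_exe.pdf".
const SPOOFED_NAME = 'annex_\u202Efdp.exe';
// A long URL on an attacker-controlled host whose tail imitates another brand.
const SPOOFED_URL =
  'https://login.example.com/a/' + 'x'.repeat(60) + '/paypal.com/secure';

// The two checks side by side, for a quick look at what each UI would show.
function demo() {
  return {
    file: inspectFilename(SPOOFED_NAME),
    naive: truncateNaive(SPOOFED_URL, 40),
    anchored: truncateAroundOrigin(SPOOFED_URL, 40),
  };
}

console.log(demo());
```

Two design points worth carrying into a real UI: the extension decision is made on `ext`, which comes from the code points, while `display` is only what the user sees, so a spoofed name can never pass one test and fail the other; and `truncateAroundOrigin` refuses to shorten the host at all, since a truncated host is exactly the ambiguity CVE-2025-11720 describes for subdomains.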