VYPR

CWE-451

User Interface (UI) Misrepresentation of Critical Information

Class · Draft

Description

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

Related attack patterns (CAPEC)

CAPEC-154 · CAPEC-163 · CAPEC-164 · CAPEC-173 · CAPEC-98

CVEs mapped to this weakness (107)

page 6 of 6
  • CVE-2025-46394 · Low · Apr 23, 2025
    risk 0.14 · cvss 3.2 · epss 0.00

    In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

  • CVE-2025-43712 · Low · Jul 25, 2025
    risk 0.12 · cvss 2.9 · epss 0.00

    JHipster before v.8.9.0 allows privilege escalation via a modified authorities parameter. Upon registering in the JHipster portal and logging in as a standard user, the authorities parameter in the response from the api/account endpoint contains the value ROLE_USER. By…

  • CVE-2026-26320 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.00

    OpenClaw is a personal AI assistant. OpenClaw macOS desktop client registers the `openclaw://` URL scheme. For `openclaw://agent` deep links without an unattended `key`, the app shows a confirmation dialog that previously displayed only the first 240 characters of the message,…

  • CVE-2025-13082 · Nov 18, 2025
    risk 0.00 · cvss · epss 0.00

    User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8.

  • CVE-2024-6429 · Sep 23, 2025
    risk 0.00 · cvss · epss 0.00

    A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary content into the UI. By…

  • CVE-2024-55889 · Dec 13, 2024
    risk 0.00 · cvss · epss 0.02

    phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user…

  • CVE-2022-23646 · Feb 17, 2022
    risk 0.00 · cvss · epss 0.02

    Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the…