CWE-472
External Control of Assumed-Immutable Web Parameter
Description
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
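The classic instance of this weakness is a checkout form that carries the price in a hidden field and a server that charges whatever comes back (the Booking Package and Bookly entries in the table below are exactly this pattern). The following Python is an added example, not code from the CWE entry or from any of the listed products: it shows the vulnerable handler next to two fixes, recomputing the value server-side from the item identifier, and, where a value genuinely must round-trip through the client, binding it with an HMAC so tampering or removal of the field is detected. The catalog, key and form contents are constructed for the demo.

```python
"""Added example for CWE-472: hidden form fields are attacker-controlled input.
Catalog, key and request dicts below are constructed for the demo."""
import hashlib
import hmac

# Constructed server-side price list, in cents (assumption: the app knows its own prices).
CATALOG = {"standard": 5000, "premium": 12000}

# Constructed demo key; a real deployment would load this from a secret store.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def vulnerable_checkout(form):
    """Vulnerable pattern: the 'amount' hidden field is assumed immutable and
    charged as-is. Anyone with a proxy can submit amount=1 for a premium plan."""
    return {"plan": form["plan"], "charged": int(form["amount"])}


def hardened_checkout(form):
    """Fix 1: never accept the price from the client. Only the item identifier
    is taken from the form; the amount is recomputed from server-side state."""
    plan = form.get("plan")
    if plan not in CATALOG:
        raise ValueError("unknown plan")
    return {"plan": plan, "charged": CATALOG[plan]}


def sign_field(name, value):
    """Fix 2: when a value must round-trip through the client (e.g. a quote
    issued earlier), emit it together with an HMAC over name=value so the
    server can recognise its own output. The name is included so a tag for one
    field cannot be replayed on another."""
    msg = f"{name}={value}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def verify_signed_field(name, value, tag):
    """Constant-time comparison; an empty or missing tag simply fails to match."""
    return hmac.compare_digest(sign_field(name, value), tag)


def signed_checkout(form):
    """Accept 'amount' only if it carries the tag the server issued for it.
    Using .get() with a default means a *removed* parameter is rejected too,
    which matters: 'remove the parameter' is itself a bypass technique."""
    amount = form.get("amount", "")
    tag = form.get("amount_sig", "")
    if not verify_signed_field("amount", amount, tag):
        raise ValueError("tampered or missing hidden field")
    return {"plan": form.get("plan"), "charged": int(amount)}


def rejects(handler, form):
    """True if the handler refuses the submission (helper for the demo below)."""
    try:
        handler(form)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Legitimate page: server renders plan=premium with its signed amount.
    issued = {"plan": "premium", "amount": "12000",
              "amount_sig": sign_field("amount", "12000")}
    # Tampered copy: client edits the hidden field before submitting.
    tampered = dict(issued, amount="1")

    print("vulnerable:", vulnerable_checkout(tampered))   # charged 1 cent
    print("hardened:  ", hardened_checkout(tampered))     # charged 12000
    print("signed ok: ", signed_checkout(issued))         # charged 12000
    print("signed tampered rejected:", rejects(signed_checkout, tampered))
    print("signed field removed rejected:",
          rejects(signed_checkout, {"plan": "premium"}))
```

Of the two fixes, the first is preferable wherever the server can derive the value itself; the signed field is for cases like quotes or multi-step wizards where the value legitimately originates server-side but has to survive a round trip. Neither helps if the field was never meant to be client-supplied at all (the FacturaScripts `nick` case below): there the fix is simply to ignore the parameter and take the value from the session.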
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-146 · CAPEC-226 · CAPEC-31 · CAPEC-39
CVEs mapped to this weakness (88)
page 4 of 5

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-11678 | | Med | 0.34 | 5.3 | 0.00 | | Jun 9, 2026 | Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-11669 | | Med | 0.34 | 5.3 | 0.00 | | Jun 9, 2026 | Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-4911 | | Med | 0.34 | 5.3 | 0.00 | | Apr 28, 2026 | The Booking Package plugin for WordPress is vulnerable to Price Manipulation in versions up to, and including, 1.7.06. This is due to the intentForStripe() function passing user-controlled $_POST['amount'] directly to the Stripe PaymentIntent API without validation, and the… |
| CVE-2025-26312 | | Med | 0.34 | — | 0.00 | | Mar 14, 2025 | SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass by removing the Captcha parameter. |
| CVE-2024-12123 | | Med | 0.34 | — | 0.00 | | Dec 4, 2024 | A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester… |
| CVE-2026-11290 | | Med | 0.33 | 5.0 | 0.00 | | Jun 5, 2026 | Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file. (Chromium security severity: Low) |
| CVE-2026-11281 | | Med | 0.33 | 5.0 | 0.00 | | Jun 5, 2026 | Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Chromium security severity: Low) |
| CVE-2026-9911 | | Med | 0.28 | 4.3 | 0.00 | | May 28, 2026 | Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-8567 | | Med | 0.28 | 4.3 | 0.00 | | May 14, 2026 | Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-8559 | | Med | 0.28 | 4.3 | 0.00 | | May 14, 2026 | Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-7969 | | Med | 0.28 | 4.3 | 0.00 | | May 6, 2026 | Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-7942 | | Med | 0.28 | 4.3 | 0.00 | | May 6, 2026 | Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2026-7340 | | Med | 0.28 | 4.3 | 0.00 | | Apr 28, 2026 | Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) |
| CVE-2025-54551 | | Med | 0.28 | 4.3 | 0.00 | | Aug 20, 2025 | Synapse Mobility 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1 contain a privilege escalation vulnerability through external control of a Web parameter. If exploited, a user of the product may escalate privilege and access data that the user does not have permission to view by altering the… |
| CVE-2025-43002 | | Med | 0.28 | 4.3 | 0.00 | | May 13, 2025 | SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to a missing authorization check. This could cause a low impact on confidentiality, but integrity and availability of the application are not impacted. |
| CVE-2025-31327 | | Med | 0.28 | 4.3 | 0.00 | | Apr 22, 2025 | SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker, causing low impact on integrity of the application. Confidentiality and availability are not… |
| CVE-2025-31333 | | Med | 0.28 | 4.3 | 0.00 | | Apr 8, 2025 | SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which an entity set could be externally modified by an attacker, causing low impact on integrity of the application. Confidentiality and availability are not impacted. |
| CVE-2026-7912 | | Med | 0.27 | 4.2 | 0.00 | | May 6, 2026 | Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
| CVE-2026-32699 | | Med | 0.27 | — | 0.00 | | May 5, 2026 | FacturaScripts is open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevents editing this field, a user can bypass… |
| CVE-2026-2519 | | Med | 0.27 | 5.3 | 0.00 | | Apr 9, 2026 | The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to price manipulation via the 'tips' parameter in all versions up to, and including, 27.0. This is due to the plugin trusting user-supplied input without server-side validation… |