Common Weakness Enumeration

CWE-449

Allowed

The UI Performs the Wrong Action

Abstraction: Base · Status: Incomplete

The UI performs the wrong action with respect to the user's request.

26 vulnerabilities reference this CWE, most recent first.

GHSA-GG49-9GCV-Q853

Vulnerability from github – Published: 2023-11-15 00:31 – Updated: 2024-09-20 15:30
VLAI
Details

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43588"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-449",
      "CWE-691"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-15T00:15:08Z",
    "severity": "LOW"
  },
  "details": "Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.\n\n",
  "id": "GHSA-gg49-9gcv-q853",
  "modified": "2024-09-20T15:30:35Z",
  "published": "2023-11-15T00:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43588"
    },
    {
      "type": "WEB",
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PF9X-3P57-VP26

Vulnerability from github – Published: 2025-09-08 21:30 – Updated: 2025-09-08 21:30
VLAI
Details

LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before publishing. As a result, the stale preview remains visible while the clickable link points to a different URL, which can be malicious. This UI misrepresentation enables attackers to deceive users by displaying trusted previews for harmful links, facilitating phishing attacks and user confusion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-56139"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-449"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-03T20:15:34Z",
    "severity": "MODERATE"
  },
  "details": "LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before publishing. As a result, the stale preview remains visible while the clickable link points to a different URL, which can be malicious. This UI misrepresentation enables attackers to deceive users by displaying trusted previews for harmful links, facilitating phishing attacks and user confusion.",
  "id": "GHSA-pf9x-3p57-vp26",
  "modified": "2025-09-08T21:30:59Z",
  "published": "2025-09-08T21:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56139"
    },
    {
      "type": "WEB",
      "url": "https://hdhrmi.blogspot.com/2025/07/aiman-al-hadhrami-linkedin-vulnerability.html"
    },
    {
      "type": "WEB",
      "url": "https://hdhrmi.blogspot.com/2025/09/link-preview-mismatch-cve-2025-56139.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QV3Q-CWV9-R3M3

Vulnerability from github – Published: 2023-08-08 18:30 – Updated: 2024-04-04 06:41
VLAI
Details

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-36535"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-449",
      "CWE-602"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T18:15:14Z",
    "severity": "MODERATE"
  },
  "details": "Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.",
  "id": "GHSA-qv3q-cwv9-r3m3",
  "modified": "2024-04-04T06:41:55Z",
  "published": "2023-08-08T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36535"
    },
    {
      "type": "WEB",
      "url": "https://explore.zoom.us/en/trust/security/security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RJFP-3RM3-GX89

Vulnerability from github – Published: 2024-06-13 21:30 – Updated: 2024-06-13 21:30
VLAI
Details

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-38083"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-449"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-13T20:15:15Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
  "id": "GHSA-rjfp-3rm3-gx89",
  "modified": "2024-06-13T21:30:53Z",
  "published": "2024-06-13T21:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38083"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-WP78-9WHJ-QG88

Vulnerability from github – Published: 2024-10-19 00:31 – Updated: 2024-10-19 00:31
VLAI
Details

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-449"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-18T23:15:06Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
  "id": "GHSA-wp78-9whj-qg88",
  "modified": "2024-10-19T00:31:54Z",
  "published": "2024-10-19T00:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43577"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43577"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X295-2H73-X8GP

Vulnerability from github – Published: 2024-12-06 03:31 – Updated: 2024-12-06 03:31
VLAI
Details

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-49041"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-449"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-06T02:15:18Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
  "id": "GHSA-x295-2h73-x8gp",
  "modified": "2024-12-06T03:31:09Z",
  "published": "2024-12-06T03:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49041"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49041"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.