CWE-449
AllowedThe UI Performs the Wrong Action
Abstraction: Base · Status: Incomplete
The UI performs the wrong action with respect to the user's request.
26 vulnerabilities reference this CWE, most recent first.
GHSA-GG49-9GCV-Q853
Vulnerability from github – Published: 2023-11-15 00:31 – Updated: 2024-09-20 15:30Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
{
"affected": [],
"aliases": [
"CVE-2023-43588"
],
"database_specific": {
"cwe_ids": [
"CWE-449",
"CWE-691"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-15T00:15:08Z",
"severity": "LOW"
},
"details": "Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.\n\n",
"id": "GHSA-gg49-9gcv-q853",
"modified": "2024-09-20T15:30:35Z",
"published": "2023-11-15T00:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43588"
},
{
"type": "WEB",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PF9X-3P57-VP26
Vulnerability from github – Published: 2025-09-08 21:30 – Updated: 2025-09-08 21:30LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before publishing. As a result, the stale preview remains visible while the clickable link points to a different URL, which can be malicious. This UI misrepresentation enables attackers to deceive users by displaying trusted previews for harmful links, facilitating phishing attacks and user confusion.
{
"affected": [],
"aliases": [
"CVE-2025-56139"
],
"database_specific": {
"cwe_ids": [
"CWE-449"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-03T20:15:34Z",
"severity": "MODERATE"
},
"details": "LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment before publishing. As a result, the stale preview remains visible while the clickable link points to a different URL, which can be malicious. This UI misrepresentation enables attackers to deceive users by displaying trusted previews for harmful links, facilitating phishing attacks and user confusion.",
"id": "GHSA-pf9x-3p57-vp26",
"modified": "2025-09-08T21:30:59Z",
"published": "2025-09-08T21:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-56139"
},
{
"type": "WEB",
"url": "https://hdhrmi.blogspot.com/2025/07/aiman-al-hadhrami-linkedin-vulnerability.html"
},
{
"type": "WEB",
"url": "https://hdhrmi.blogspot.com/2025/09/link-preview-mismatch-cve-2025-56139.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-QV3Q-CWV9-R3M3
Vulnerability from github – Published: 2023-08-08 18:30 – Updated: 2024-04-04 06:41Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
{
"affected": [],
"aliases": [
"CVE-2023-36535"
],
"database_specific": {
"cwe_ids": [
"CWE-449",
"CWE-602"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T18:15:14Z",
"severity": "MODERATE"
},
"details": "Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.",
"id": "GHSA-qv3q-cwv9-r3m3",
"modified": "2024-04-04T06:41:55Z",
"published": "2023-08-08T18:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36535"
},
{
"type": "WEB",
"url": "https://explore.zoom.us/en/trust/security/security-bulletin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-RJFP-3RM3-GX89
Vulnerability from github – Published: 2024-06-13 21:30 – Updated: 2024-06-13 21:30Microsoft Edge (Chromium-based) Spoofing Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-38083"
],
"database_specific": {
"cwe_ids": [
"CWE-449"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-13T20:15:15Z",
"severity": "MODERATE"
},
"details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"id": "GHSA-rjfp-3rm3-gx89",
"modified": "2024-06-13T21:30:53Z",
"published": "2024-06-13T21:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38083"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WP78-9WHJ-QG88
Vulnerability from github – Published: 2024-10-19 00:31 – Updated: 2024-10-19 00:31Microsoft Edge (Chromium-based) Spoofing Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-43577"
],
"database_specific": {
"cwe_ids": [
"CWE-449"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-18T23:15:06Z",
"severity": "MODERATE"
},
"details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"id": "GHSA-wp78-9whj-qg88",
"modified": "2024-10-19T00:31:54Z",
"published": "2024-10-19T00:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43577"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43577"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X295-2H73-X8GP
Vulnerability from github – Published: 2024-12-06 03:31 – Updated: 2024-12-06 03:31Microsoft Edge (Chromium-based) Spoofing Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-49041"
],
"database_specific": {
"cwe_ids": [
"CWE-449"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-06T02:15:18Z",
"severity": "MODERATE"
},
"details": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
"id": "GHSA-x295-2h73-x8gp",
"modified": "2024-12-06T03:31:09Z",
"published": "2024-12-06T03:31:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49041"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49041"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.