CWE-357 (Insufficient UI Warning of Dangerous Operations) — Vulnerability Class 17

17 vulnerabilities classified as CWE-357 (Insufficient UI Warning of Dangerous Operations). AI Chinese analysis included.

CWE-357 represents a user interface weakness where warnings for dangerous or sensitive operations fail to capture the user’s attention effectively. This vulnerability typically arises when developers design alerts that are visually subtle, easily overlooked, or buried within complex workflows, leading users to inadvertently execute destructive actions like data deletion or privilege escalation. Attackers or malicious insiders exploit this by tricking users into confirming these operations, often through social engineering or by relying on the user’s inattention. To mitigate this risk, developers must ensure warnings are prominent, using high-contrast colors, distinct modal dialogs, or explicit confirmation steps that require active user engagement. By prioritizing clarity and urgency in interface design, organizations can significantly reduce the likelihood of accidental or coerced execution of critical system changes, thereby enhancing overall security posture and user trust.

MITRE CWE Description
The user interface provides a warning to a user regarding dangerous or sensitive operations, but the warning is not noticeable enough to warrant attention.
Common Consequences (1)
Non-Repudiation: Hide Activities
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26151 | Remote Desktop Spoofing Vulnerability — Windows 10 Version 1607 | 7.1 | High | 2026-04-14 |
| CVE-2025-47967 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 4.7 | Medium | 2025-09-16 |
| CVE-2025-33054 | Remote Desktop Spoofing Vulnerability — Windows 11 version 22H2 | 8.1 | High | 2025-07-08 |
| CVE-2025-49587 | XWiki does not require right warnings for notification displayer objects — xwiki-platform | 5.4 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-49585 | XWiki does not require right warnings for XClass definitions — xwiki-platform | 6.3 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-49582 | XWiki's required right warnings for macros are incomplete — xwiki-platform | 5.4 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2024-49054 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 4.3 | Medium | 2024-11-22 |
| CVE-2024-43580 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 5.4 | Medium | 2024-10-17 |
| CVE-2024-43505 | Microsoft Office Visio Remote Code Execution Vulnerability — Microsoft Office 2019 | 7.8 | High | 2024-10-08 |
| CVE-2024-30058 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 5.4 | Medium | 2024-06-13 |
| CVE-2024-29057 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 4.3 | Medium | 2024-03-22 |
| CVE-2024-26188 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge for Android | 4.3 | Medium | 2024-02-23 |
| CVE-2024-21336 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 2.5 | Low | 2024-01-26 |
| CVE-2024-21387 | Microsoft Edge for Android Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 5.3 | Medium | 2024-01-26 |
| CVE-2022-41904 | Element iOS is vulnerable due to missing decoration for events decrypted with untrusted Megolm sessions — element-ios | 6.4 | Medium | 2022-11-11 |
| CVE-2021-22645 | Luxion KeyShot security vulnerability — Luxion KeyShot | 8.4 | - | 2021-02-23 |
| CVE-2019-13521 | Rockwell Automation Arena Simulation Software security vulnerability — Rockwell Automation Arena Simulation Software | 7.8 | - | 2020-01-27 |

17 CVEs are classified as CWE-357 (Insufficient UI Warning of Dangerous Operations). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.