CWE-449 (UI Performs the Wrong Action) — Vulnerability Class 12

12 vulnerabilities classified as CWE-449 (UI Performs the Wrong Action). AI Chinese analysis included.

CWE-449 represents a user interface logic flaw where the application executes an unintended operation despite a valid user request. This weakness typically arises from ambiguous interface design, missing confirmation dialogs, or inconsistent state management, allowing attackers to trick users into performing unauthorized actions such as deleting data or transferring funds. Exploitation often involves social engineering or manipulating UI elements to trigger hidden or mislabeled functions. To mitigate this risk, developers must implement clear, unambiguous user prompts and require explicit confirmation for critical operations. Rigorous usability testing ensures that interface elements accurately reflect their underlying functions. Additionally, employing defensive programming techniques, such as validating user intent on the server side rather than relying solely on client-side cues, helps prevent unintended actions. Consistent design patterns and thorough code reviews further reduce the likelihood of such logical errors in production environments.

MITRE CWE Description
The UI performs the wrong action with respect to the user's request.
Common Consequences (1)
Other: Quality Degradation, Varies by Context
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49736 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability — Microsoft Edge for Android | 4.3 | Medium | 2025-08-12 |
| CVE-2025-26643 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 5.4 | Medium | 2025-03-07 |
| CVE-2025-21404 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 4.3 | Medium | 2025-02-06 |
| CVE-2024-49041 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 4.3 | Medium | 2024-12-06 |
| CVE-2024-43577 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) | 4.3 | Medium | 2024-10-18 |
| CVE-2024-38083 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge for iOS | 4.3 | Medium | 2024-06-13 |
| CVE-2024-24698 | Zoom Clients - Improper Authentication — Zoom Clients | 4.9 | Medium | 2024-02-13 |
| CVE-2023-43585 | Zoom Security Vulnerability — Zoom Mobile App for iOS and SDKs for iOS | 7.1 | High | 2023-12-13 |
| CVE-2023-43588 | Zoom Client Security Vulnerability — Zoom Clients | 3.5 | Low | 2023-11-14 |
| CVE-2023-39215 | Zoom Client Authorization Issue Vulnerability — Zoom Clients | 7.1 | High | 2023-09-12 |
| CVE-2023-39209 | Zoom Client Input Validation Error Vulnerability — Zoom Desktop Client for Windows | 5.9 | Medium | 2023-08-08 |
| CVE-2023-36535 | Zoom Client Security Vulnerability — Zoom Clients | 7.1 | High | 2023-08-08 |

12 CVEs are classified as CWE-449 (UI Performs the Wrong Action). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.