SecuriTricks - CVE-2024-52270

Product(s) Impacted

DropBox Sign(HelloSign)

through 2024-12-04

Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DropBox Sign(HelloSign): through 2024-12-04.

Weaknesses

CWE-451

User Interface (UI) Misrepresentation of Critical Information

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

CWE ID: 451

Date

Published: Dec. 5, 2024, 11:15 a.m.

Last Modified: Dec. 5, 2024, 1:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

References

https://app.hellosign.com/ 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

https://drive.proton.me/ 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

https://new.space/ 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

https://sign.dropbox.com/ 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

https://www.loom.com/ 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

https://www.vulsec.org/ 2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe

CVE-2024-52270

Tags