CVE-2024-52276

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-451
View all →

Vulnerability Description

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does not show the layer flattened version, which is provided when the combined download option is used. 3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option. Once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSign: through 2024-12-04.

Related Vulnerabilities

CVE-2022-23646

HIGH
CVSS:7.5(High)

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected,...

CWE-4512022

CVE-2024-52269

HIGH
CVSS:8.1(High)

User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading...

CWE-4512024

CVE-2024-7529

HIGH
CVSS:8.1(High)

The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability affects Firefox < 129, Firefox ESR < 115....

CWE-4512024

CVE-2022-32816

MEDIUM
CVSS:6.5(Medium)

The issue was addressed with improved UI handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. Visiting a website that frames malicious content may le...

CWE-4512022