Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7364

Summary
Assigner-rapid7
Assigner Org ID-9974b330-7714-4307-a722-5648477acda7
Published At-20 Oct, 2020 | 16:40
Updated At-16 Sep, 2024 | 19:40
Rejected At-
Credits

UCWeb UC Browser Address Bar Spooofing

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:rapid7
Assigner Org ID:9974b330-7714-4307-a722-5648477acda7
Published At:20 Oct, 2020 | 16:40
Updated At:16 Sep, 2024 | 19:40
Rejected At:
▼CVE Numbering Authority (CNA)
UCWeb UC Browser Address Bar Spooofing

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.

Affected Products
Vendor
UCWeb
Product
UC Browser
Versions
Affected
  • From 13.0.8 through 13.0.8 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-451CWE-451 User Interface (UI) Misrepresentation of Critical Information
Type: CWE
CWE ID: CWE-451
Description: CWE-451 User Interface (UI) Misrepresentation of Critical Information
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
This issue was discovered by Rafay Baloch, and disclosed in accordance with Rapid7's coordinated vulnerability disclosure policy at https://www.rapid7.com/security/disclosure#zeroday
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html
x_refsource_MISC
https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/
x_refsource_MISC
Hyperlink: https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html
Resource:
x_refsource_MISC
Hyperlink: https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html
x_refsource_MISC
x_transferred
https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/
x_refsource_MISC
x_transferred
Hyperlink: https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@rapid7.com
Published At:20 Oct, 2020 | 17:15
Updated At:28 Oct, 2020 | 19:09

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
ucweb
ucweb
>>uc_browser>>Versions before 13.3.2(exclusive)
cpe:2.3:a:ucweb:uc_browser:*:*:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE-451Secondarycve@rapid7.com
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-451
Type: Secondary
Source: cve@rapid7.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/cve@rapid7.com
Exploit
Mitigation
Third Party Advisory
https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.htmlcve@rapid7.com
Exploit
Third Party Advisory
Hyperlink: https://blog.rapid7.com/2020/10/20/vulntober-multiple-mobile-browser-address-bar-spoofing-vulnerabilities/
Source: cve@rapid7.com
Resource:
Exploit
Mitigation
Third Party Advisory
Hyperlink: https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html
Source: cve@rapid7.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

63Records found
CVE-2025-0729
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.31% / 54.16%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 17:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TP-Link TL-SG108E clickjacking

A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.

Action-Not Available
Vendor-TP-Link Systems Inc.
Product-TL-SG108E
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2017-0888
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-4.3||MEDIUM
EPSS-0.54% / 67.62%
||
7 Day CHG~0.00%
Published-05 Apr, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloudnextcloud_serverNextcloud Server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2016-9473
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-4.7||MEDIUM
EPSS-0.66% / 71.13%
||
7 Day CHG~0.00%
Published-28 Mar, 2017 | 02:46
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.

Action-Not Available
Vendor-braven/a
Product-browserBrave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38093
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 66.17%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 20:06
Updated-17 Dec, 2025 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edgeMicrosoft Edge (Chromium-based)
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2021-27773
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-4.2||MEDIUM
EPSS-0.14% / 34.43%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 21:25
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Sametime is vulnerable to clickjacking

This vulnerability allows users to execute a clickjacking attack in the meeting's chat.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-sametimeSametime
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2021-27414
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 27.55%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-16 Apr, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User interface misrepresentation of critical information in Hitachi ABB Power Grids Ellipse EAM

An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.

Action-Not Available
Vendor-Hitachi Energy Ltd.Hitachi, Ltd.
Product-ellipse_enterprise_asset_managementEllipse Enterprise Asset Management (EAM)
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2024-2631
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 37.12%
||
7 Day CHG-0.00%
Published-20 Mar, 2024 | 17:06
Updated-29 Mar, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2023-7282
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 30.44%
||
7 Day CHG~0.00%
Published-23 Sep, 2024 | 21:56
Updated-02 Jan, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Navigation in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-32371
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 40.71%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 15:14
Updated-26 Aug, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unexpected external content may be displayed in DNN ImageHandler

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that the information is legitimate. This vulnerability is fixed in 9.13.4.

Action-Not Available
Vendor-ESW Operations, LLC ("DNN Software")
Product-dotnetnukeDnn.Platform
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-49755
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.53%
||
7 Day CHG+0.23%
Published-12 Aug, 2025 | 17:10
Updated-13 Feb, 2026 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgeMicrosoft Edge for Android
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-43228
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.21%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:35
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_ossafariipadosSafariiOS and iPadOS
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2025-3859
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 35.93%
||
7 Day CHG~0.00%
Published-30 Apr, 2025 | 16:30
Updated-13 Apr, 2026 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Firefox Focus elide URL allows address bar spoofing

Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefox_focusFocus
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-21404
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.48%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 22:41
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-449
The UI Performs the Wrong Action
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
  • Previous
  • 1
  • 2
  • Next
Details not found