Home/CWEs/CWE info/

CWE-449 - The UI Performs the Wrong Action

CWE-449

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: The UI Performs the Wrong Action

Description: The UI performs the wrong action with respect to the user's request.

Common Consequences: Scope: Other
Impact: Quality Degradation, Varies by Context

Related Weaknesses: CWE-446UI Discrepancy for Security Feature

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

New AI Jailbreak Method 'Bad Likert Judge' Boosts Attack Success Rates by Over 60%

Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia

Windows Server 2025 released—here are the new features

Malicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT

Cross-Domain Attacks: A Growing Threat to Modern Security and How to Combat Them

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps

Cryptocurrency wallet drainers stole $494 million in 2024

Researchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AI

Common Alerts

HighLog4Shell (CVE-2021-45046)

HighServer Side Request Forgery

MediumInsecure HTTP Method

LowCookie without SameSite Attribute

LowServer Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

MediumRelative Path Confusion

MediumHTTP Parameter Override

InformationalObsolete Content Security Policy (CSP) Header Found

HighProperties File Disclosure - /WEB-INF folder

HighASP.NET ViewState Integrity

Top CVE List

CVE-2024-3393 Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability

CVE-2024-43491 Microsoft Windows Update Use-After-Free Vulnerability

CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability

CVE-2017-6736 Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

CVE-2018-14933 NUUO NVRmini Devices OS Command Injection Vulnerability

CVE-2020-2883 Oracle WebLogic Server Unspecified Vulnerability

CVE-2020-5849 Unraid Authentication Bypass Vulnerability

CVE-2021-26086 Atlassian Jira Server and Data Center Path Traversal Vulnerability

CVE-2022-20699 Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

CVE-2022-24816 OSGeo GeoServer JAI-EXT Code Injection Vulnerability

Top CWE List

CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined

CWE-1053 Missing Documentation for Design

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-304 Missing Critical Step in Authentication

CWE-307 Improper Restriction of Excessive Authentication Attempts

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

HighCWE-116 Improper Encoding or Escaping of Output

CWE-615 Inclusion of Sensitive Information in Source Code Comments

CWE-1051 Initialization with Hard-Coded Network Resource Configuration Data

CWE-1059 Insufficient Technical Documentation

Free online web security scanner

Don't show website scan report rating on the leaderboard

CWE-449 - The UI Performs the Wrong Action

The UI performs the wrong action with respect to the user's request.