3 matches found
CVE-2016-1000233
CVE-2016-1000233 is a Swagger-UI cross-site scripting vulnerability described in the connected IBM bulletin. The issue arises when a Content-Type: application/javascript header is included while Swagger-UI processes a URL query string parameter, allowing a remote attacker to inject and execute ma...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000233 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000233 Source advisory: OSV:GHSA-MRX7-8HXF-F853...
CVE-2017-1000233
OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session. Affected versions: prior to 6.1.6 and prior to 7.0.3. Remediation: upgrade to OpenProject 6.1.6 or newer, or 7.0.3 or new...