9 matches found
CVE-2025-12029 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.11 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have, under certain circumstances, allowed an unauthenticated user to perform unauthorized actions on behalf of another user by injecting malicious...
Exploit for Improper Input Validation in Smartbear Swagger_Ui
swagger-ui POC for Testing HTML Injection in Swagger UI CVE-...
RuoYi Code Injection Vulnerability
RuoYi is a backend management system for individual developers of RuoYi in China. A code injection vulnerability exists in RuoYi 4.8.1 and earlier versions, which originates from cross-site scripting due to incorrect manipulation of the parameter configUrl in the file /swagger-ui/index.html...
CVE-2024-54181
IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...
PT-2024-9964 · Ibm · Ibm Websphere Automation
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Automation version 1.7.5 Description: The vulnerability in the IBM WebSphere Automation platform's Swagger interface is related to the failure to neutralize special elements used in operating system commands. This could allow a...
PT-2024-38260 · Anji Plus · Anji-Plus Aj-Report
Name of the Vulnerable Software and Affected Versions: anji-plus AJ-Report versions = 1.4.0 Description: The issue allows a remote and unauthenticated attacker to bypass authentication by appending ";swagger-ui" to HTTP requests, potentially executing arbitrary Java on the victim server. This is...
Bazarr Path Traversal Vulnerability
Bazarr is a software from Bazarr, a companion application to Sonarr and Radarr that manages and downloads subtitles according to your requirements. A path traversal vulnerability exists in Bazarr versions prior to 1.3.1, which stems from a path traversal vulnerability in the /api/swaggerui/static...
PT-2021-22756 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.6 through 14.3.6 GitLab CE/EE versions 14.4 through 14.4.4 GitLab CE/EE versions 14.5 through 14.5.2 Description: An issue has been discovered in GitLab CE/EE, where it was vulnerable to HTML Injection through the...
swagger-ui cross-site scripting vulnerability (CNVD-2017-16019)
swagger-ui is a set of API online documentation generation and testing tools. A cross-site scripting vulnerability exists in versions of swagger-ui prior to 2.2.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...