211 matches found
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, CVE-2021-46708)
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details...
Swagger UI 3.14.0 < 3.38.0 Cross-Site Scripting
Swagger UI is a popular library used to beautify API specifications and render it to the users. Swagger UI versions 3.14.1 to 3.37.2 suffer from a DOM Cross-Site Scripting XSS vulnerability due to an outdated DomPurify embedded library and a feature available in the Swagger UI library itself whic...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000229 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000229 Source advisory: OSV:GHSA-H8WP-WGCQ-QHRF...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary IBM WebSphere Application Server Liberty, which is bundled as part of IBM WebSphere Hybrid Edition, is vulnerable to spoofing attacks and clickjacking due to swagger-ui CVE-2018-25031, CVE-2021-46708 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes...
Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary IBM WebSphere Application Server Liberty, which is bundled in IBM Cloud Pak for Applications, is vulnerable to spoofing attacks and clickjacking due to swagger-ui CVE-2018-25031, CVE-2021-46708 Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section...
Security Bulletin: IBM WebSphere Application Server Liberty shipped with IBM WebSphere Application Server Patterns is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary IBM WebSphere Application Server Liberty is shipped as a component of IBM WebSphere Application Server Patterns. There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0,...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing attacks and clickjacking due to swagger-ui (CVE-2018-25031, CVE-2021-46708)
Summary There are multiple vulnerabilities in the swagger-ui library used by IBM WebSphere Application Server Liberty with mpOpenAPI-1.0, mpOpenAPI-1.1, mpOpenAPI-2.0, mpOpenAPI-3.0, openapi-3.0 or the openapi-3.1 feature enabled. These vulnerabilities could allow spoofing attacks or clickjacking...
Security Bulletin: IBM Answer Retrieval for Watson Discovery is vulnerable to phishing attacks due to Swagger UI (CVE number(s) 221508)
Summary Swagger UI is used by IBM Answer Retrieval for Watson Discovery. CVE numbers 221508. The fix upgrades to Swagger UI v4.6.2. Vulnerability Details Third Party Entry: 221508 DESCRIPTION: Swagger UI could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
Spoofing Attack
swagger-ui-react is vulnerable to spoofing attack. The vulnerability allows remote attackers to acquire remote OpenAPI definitions by persuading the victim to open a specifically crafted URL...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-codes-api (>=1.0.0 <=1.0.1) +2356 more potentially affected by CVE-2018-25031 via org.webjars:swagger-ui (>=2.0.17 <=4.1.3-1)
org.webjars:swagger-ui MAVEN version =2.0.17, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =5.4.0, =8.0.0 - ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base =8.0.0 - ca.uhn.hapi.fhir:hapi-fhir-jpaserver-elastic-test-utilities =8.0.0 -...
Spoofing attack in swagger-ui-dist
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
GHSA-6C9X-MJ3G-H47X Spoofing attack in swagger-ui-dist
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
GHSA-CR3Q-PQGQ-M8C2 Spoofing attack in swagger-ui
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions...
@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +270 more potentially affected by CVE-2018-25031 via swagger-ui (>=2.0.17 <=4.1.0)
swagger-ui NPM version =2.0.17, =2.0.0-rc5, =0.1.2, =0.0.1, =1.4.0, =0.0.1, =0.0.4, =1.0.2, =7.0.0, =0.0.0-idm, =1.0.4, =1.1.4 and more Source cves: CVE-2018-25031 Source advisory: OSV:GHSA-CR3Q-PQGQ-M8C2...
CVE-2018-25031
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...
CVE-2021-46708
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
CVE-2021-46708
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
CVE-2021-46708
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
Design/Logic Flaw
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
CVE-2018-25031
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...