Lucene search
+L

211 matches found

CVE
CVE
added 2022/03/11 6:47 a.m.1247 views

CVE-2021-46708

CVE-2021-46708 affects npm swagger-ui-dist and swagger-ui-dist before 4.1.3 for Node.js. The vulnerability enables a remote attacker to hijack the victim’s clicking action when the user visits a malicious site, potentially enabling further attacks against the victim. The connected IBM/IBM-related...

6.1CVSS6.2AI score0.01472EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/03/11 6:47 a.m.25 views

CVE-2021-46708

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...

7AI score0.01472EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/03/11 6:47 a.m.24 views

CVE-2018-25031

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...

6.6AI score0.42326EPSS
Exploits4References4
Cvelist
Cvelist
added 2022/03/11 6:47 a.m.29 views

CVE-2018-25031

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...

6AI score0.42326EPSS
Exploits4References4
CVE
CVE
added 2022/03/11 6:47 a.m.264 views

CVE-2018-25031

CVE-2018-25031 affects Swagger UI 4.1.2 and earlier. A remote attacker could persuade a user to open a crafted URL to cause spoofing by displaying remote OpenAPI definitions. The issue was claimed fixed in 4.1.3, but third-party reports indicate it may still be present in 4.1.3 and potentially la...

4.3CVSS5.2AI score0.42326EPSS
Exploits4References4Affected Software1
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.5 views

Swagger UI 输入验证错误漏洞

Swagger UI is an open source tool that supports visualizing and interacting with API resources. An input validation error vulnerability exists in Swagger UI versions prior to 4.1.3, which stems from the software's lack of filtering and escaping of user-submitted URL data. This vulnerability can b...

4.3CVSS6.5AI score0.42326EPSS
Exploits4References11
Positive Technologies
Positive Technologies
added 2022/03/11 12:0 a.m.10 views

PT-2022-12909 · Unknown · Swagger-Ui-Dist

Name of the Vulnerable Software and Affected Versions: swagger-ui-dist versions prior to 4.1.3 Description: The issue allows a remote attacker to hijack the clicking action of the victim by persuading them to visit a malicious website, potentially leading to further attacks against the victim...

6.1CVSS6.3AI score0.01472EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2022/03/11 12:0 a.m.8 views

PT-2022-8044 · Unknown · Swagger-Ui

Name of the Vulnerable Software and Affected Versions: Swagger UI versions 4.1.2 and earlier Description: The issue allows a remote attacker to conduct spoofing attacks by persuading a victim to open a crafted URL, which could exploit this vulnerability to display remote OpenAPI definitions...

4.3CVSS5.5AI score0.42326EPSS
Exploits4References13
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.5 views

swagger-ui-dist 安全漏洞

swagger-ui-dist is a module that exposes the entire dist folder of Swagger-UI as a dependency-free npm module. A security vulnerability exists in Node.js swagger-ui-dist versions prior to 4.1.3, which stems from a lack of effective filtering and validation of html code. An attacker can write...

6.1CVSS6.9AI score0.01472EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2021/12/13 4:15 p.m.29 views

CVE-2021-39910

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...

4.3CVSS5.8AI score0.00955EPSS
Exploits0References1
Prion
Prion
added 2021/12/13 4:15 p.m.17 views

Input validation

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...

4.3CVSS4.7AI score0.00955EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/12/13 4:15 p.m.2 views

UBUNTU-CVE-2021-39910

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...

4.3CVSS5.8AI score0.00955EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/12/13 3:47 p.m.24 views

CVE-2021-39910

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...

2.6CVSS5.2AI score0.00955EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2021/12/13 3:47 p.m.18 views

CVE-2021-39910

Removed by vendor...

4.3CVSS5.8AI score0.00955EPSS
Exploits0
CNVD
CNVD
added 2021/12/12 12:0 a.m.21 views

GitLab Cross-Site Scripting Vulnerability (CNVD-2022-05444)

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.A cross-site scripting vulnerability exists in GitLab CE/EE, which stems from t...

4.3CVSS3.1AI score0.00955EPSS
Exploits0References1
Veracode
Veracode
added 2021/12/10 7:59 a.m.31 views

Clickjacking

swagger-ui is vulnerable to Clickjacking. It was possible to perform a clickjacking attack due to the lack of validation in the SwaggerUI function allowing a remote attacker to exploit and hijack victim click actions...

6.1CVSS6.2AI score0.01472EPSS
Exploits0References6Affected Software4
vulnersOsv
vulnersOsv
added 2021/12/09 7:8 p.m.10 views

@adobe/parliament-ui-components (>=4.6.0 <=5.2.5), @apibrew/app (>=1.0.22 <=1.0.23) +44 more potentially affected by unknown CVE via swagger-ui-react (>=3.25.0 <=4.19.1)

swagger-ui-react NPM version =3.25.0, =4.6.0, =1.0.22, =1.0.12, =1.0.0, =1.0.22, =1.0.25, =0.0.0-nightly-2020972106, =0.1.1-alpha.19, =0.2.0-alpha.3, =1.0.1, =1.1.0, =0.0.1, =0.0.2, =2.0.0-table.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QRMM-W75W-3WPX...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2021/12/09 7:8 p.m.9 views

@0x0c/nestjs-swagger (>=6.1.5 <=6.3.1), @1creator/backend (>=1.1.17 <=1.2.151) +1107 more potentially affected by unknown CVE via swagger-ui-dist (>=3.0.17 <=4.1.2)

swagger-ui-dist NPM version =3.0.17, =6.1.5, =1.1.17, =1.1.0-beta.1, =15.0.0, =0.1.0-alpha.1, =0.2.4, =1.2.0, =3.7.0, =1.0.0, =1.0.0, =1.0.0, =1.7.8, =2.2.2, =2.5.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QRMM-W75W-3WPX...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2021/12/09 7:8 p.m.5 views

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +270 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=4.1.0)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =0.1.2, =0.0.1, =1.4.0, =0.0.1, =0.0.4, =1.0.2, =7.0.0, =0.0.0-idm, =1.0.4, =1.1.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QRMM-W75W-3WPX...

5.8AI score
Exploits0
OSV
OSV
added 2021/12/09 7:8 p.m.24 views

GHSA-QRMM-W75W-3WPX Server side request forgery in SwaggerUI

SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered...

7.2AI score
Exploits0References5
Rows per page
Query Builder