211 matches found
CVE-2021-46708
CVE-2021-46708 affects npm swagger-ui-dist and swagger-ui-dist before 4.1.3 for Node.js. The vulnerability enables a remote attacker to hijack the victim’s clicking action when the user visits a malicious site, potentially enabling further attacks against the victim. The connected IBM/IBM-related...
CVE-2021-46708
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further...
CVE-2018-25031
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...
CVE-2018-25031
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...
CVE-2018-25031
CVE-2018-25031 affects Swagger UI 4.1.2 and earlier. A remote attacker could persuade a user to open a crafted URL to cause spoofing by displaying remote OpenAPI definitions. The issue was claimed fixed in 4.1.3, but third-party reports indicate it may still be present in 4.1.3 and potentially la...
Swagger UI 输入验证错误漏洞
Swagger UI is an open source tool that supports visualizing and interacting with API resources. An input validation error vulnerability exists in Swagger UI versions prior to 4.1.3, which stems from the software's lack of filtering and escaping of user-submitted URL data. This vulnerability can b...
PT-2022-12909 · Unknown · Swagger-Ui-Dist
Name of the Vulnerable Software and Affected Versions: swagger-ui-dist versions prior to 4.1.3 Description: The issue allows a remote attacker to hijack the clicking action of the victim by persuading them to visit a malicious website, potentially leading to further attacks against the victim...
PT-2022-8044 · Unknown · Swagger-Ui
Name of the Vulnerable Software and Affected Versions: Swagger UI versions 4.1.2 and earlier Description: The issue allows a remote attacker to conduct spoofing attacks by persuading a victim to open a crafted URL, which could exploit this vulnerability to display remote OpenAPI definitions...
swagger-ui-dist 安全漏洞
swagger-ui-dist is a module that exposes the entire dist folder of Swagger-UI as a dependency-free npm module. A security vulnerability exists in Node.js swagger-ui-dist versions prior to 4.1.3, which stems from a lack of effective filtering and validation of html code. An attacker can write...
CVE-2021-39910
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...
Input validation
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...
UBUNTU-CVE-2021-39910
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...
CVE-2021-39910
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...
CVE-2021-39910
Removed by vendor...
GitLab Cross-Site Scripting Vulnerability (CNVD-2022-05444)
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.A cross-site scripting vulnerability exists in GitLab CE/EE, which stems from t...
Clickjacking
swagger-ui is vulnerable to Clickjacking. It was possible to perform a clickjacking attack due to the lack of validation in the SwaggerUI function allowing a remote attacker to exploit and hijack victim click actions...
@adobe/parliament-ui-components (>=4.6.0 <=5.2.5), @apibrew/app (>=1.0.22 <=1.0.23) +44 more potentially affected by unknown CVE via swagger-ui-react (>=3.25.0 <=4.19.1)
swagger-ui-react NPM version =3.25.0, =4.6.0, =1.0.22, =1.0.12, =1.0.0, =1.0.22, =1.0.25, =0.0.0-nightly-2020972106, =0.1.1-alpha.19, =0.2.0-alpha.3, =1.0.1, =1.1.0, =0.0.1, =0.0.2, =2.0.0-table.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QRMM-W75W-3WPX...
@0x0c/nestjs-swagger (>=6.1.5 <=6.3.1), @1creator/backend (>=1.1.17 <=1.2.151) +1107 more potentially affected by unknown CVE via swagger-ui-dist (>=3.0.17 <=4.1.2)
swagger-ui-dist NPM version =3.0.17, =6.1.5, =1.1.17, =1.1.0-beta.1, =15.0.0, =0.1.0-alpha.1, =0.2.4, =1.2.0, =3.7.0, =1.0.0, =1.0.0, =1.0.0, =1.7.8, =2.2.2, =2.5.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QRMM-W75W-3WPX...
@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +270 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=4.1.0)
swagger-ui NPM version =2.0.17, =2.0.0-rc5, =0.1.2, =0.0.1, =1.4.0, =0.0.1, =0.0.4, =1.0.2, =7.0.0, =0.0.0-idm, =1.0.4, =1.1.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QRMM-W75W-3WPX...
GHSA-QRMM-W75W-3WPX Server side request forgery in SwaggerUI
SwaggerUI supports displaying remote OpenAPI definitions through the ?url parameter. This enables robust demonstration capabilities on sites like petstore.swagger.io, editor.swagger.io, and similar sites, where users often want to see what their OpenAPI definitions would look like rendered...