Lucene search
+L

211 matches found

CNNVD
CNNVD
added 2021/12/07 12:0 a.m.4 views

GitLab 跨站脚本漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.A cross-site scripting vulnerability exists in GitLab CE/EE, which stems from t...

4.3CVSS5.4AI score0.00955EPSS
Exploits0References7
Hacker One
Hacker One
added 2021/11/02 7:2 a.m.32 views

Acronis: XSS in Acronis Cloud Manager Admin Portal

Hello, Hope you are doing well. I wanted to report the following security vulnerability: The Acronis Cloud Manager Admin Portal default swagger UI is vulnerable to cross site scripting. I have the API running locally on my machine. I have attached screenshots of the XSS The URL is:...

5.6AI score
Exploits0
vulnersOsv
vulnersOsv
added 2021/05/24 7:51 p.m.5 views

brat-frontend-editor (>=0.0.19 <=0.3.42), frontend-editor (>=0.0.1 <=0.0.5) +3 more potentially affected by CVE-2021-20086 via jquery-bbq (>=0.0.1 <=1.0.0)

jquery-bbq NPM version =0.0.1, =0.0.19, =0.0.1, =0.0.1, =2.1.3, =2.2.3-a Source cves: CVE-2021-20086 Source advisory: OSV:GHSA-7W8J-85WM-6XFQ...

8.8CVSS7.2AI score0.06104EPSS
Exploits1
Hacker One
Hacker One
added 2021/01/06 4:53 p.m.27 views

GitLab: Stored XSS in repository file viewer

Summary There exists XSS in swagger-ui version used in GitLab open API viewer. The XSS exists due to the old version of DOMpurify used in swagger-ui that allows an attacker can inject any HTML elements with any attributes except script tag on the page. The XSS in POC requires 1 click anywhere on...

5.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2020/11/17 12:0 a.m.5 views

The vulnerability of the Cascading Style Sheets (CSS) component of the Swagger UI tool for creating interactive documentation allows a attacker to perform a cross-site scripting attack.

The vulnerability of the Cascading Style Sheets CSS component of the Swagger UI tool for creating interactive documentation is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform a cross-site scripting attack...

10CVSS6.3AI score0.0558EPSS
Exploits1References4Affected Software2
vulnersOsv
vulnersOsv
added 2020/09/11 9:23 p.m.5 views

@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=2.1.8-M1)

swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W992-2GMJ-9XXJ...

5.8AI score
Exploits0
OSV
OSV
added 2020/09/11 9:23 p.m.7 views

GHSA-W992-2GMJ-9XXJ Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package allows HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 2.2.1 or later...

6.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/09/11 9:23 p.m.17 views

Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package allows HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 2.2.1 or later...

3.5AI score
Exploits0References3Affected Software1
OSV
OSV
added 2020/09/11 9:22 p.m.20 views

GHSA-22Q9-HQM5-MHMC Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to encode output in GET requests. The request is meant to respond with Content-Type application/json which does not trigger the vulnerability but if the web server changes the header to text/html i...

6.9AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2020/09/11 9:22 p.m.7 views

@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=2.1.8-M1)

swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: unknown CVE Source advisory: OSV:GHSA-22Q9-HQM5-MHMC...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/09/11 9:22 p.m.48 views

Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to encode output in GET requests. The request is meant to respond with Content-Type application/json which does not trigger the vulnerability but if the web server changes the header to text/html i...

3.8AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/11 9:21 p.m.30 views

Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using tags in the method descriptions. Recommendation Upgrade to version 2.2.1 or later...

5.3AI score
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2020/09/11 9:21 p.m.6 views

@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=2.1.8-M1)

swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: unknown CVE Source advisory: OSV:GHSA-VP93-GCX5-4W52...

5.8AI score
Exploits0
OSV
OSV
added 2020/09/11 9:21 p.m.18 views

GHSA-VP93-GCX5-4W52 Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using tags in the method descriptions. Recommendation Upgrade to version 2.2.1 or later...

6.9AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2020/09/11 9:20 p.m.5 views

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +192 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=2.2.8)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-388G-JWPG-X6J4...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2020/09/11 9:20 p.m.6 views

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=3.20.7)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-4F9M-PXWH-68HG...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/09/11 9:20 p.m.18 views

Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 3.0.13 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize YAML files imported from URLs or copied-pasted. This may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 3.0.13 or later...

4.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2020/09/11 9:20 p.m.8 views

GHSA-388G-JWPG-X6J4 Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 3.0.13 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize YAML files imported from URLs or copied-pasted. This may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 3.0.13 or later...

6.5CVSS6.9AI score
Exploits0References4
OSV
OSV
added 2020/09/11 9:20 p.m.20 views

GHSA-4F9M-PXWH-68HG Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 3.20.9 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 3.20.9 or later...

6.5CVSS6.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2020/09/11 9:20 p.m.643 views

Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 3.20.9 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 3.20.9 or later...

5AI score
Exploits0References4Affected Software1
Rows per page
Query Builder