211 matches found
GitLab 跨站脚本漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.A cross-site scripting vulnerability exists in GitLab CE/EE, which stems from t...
Acronis: XSS in Acronis Cloud Manager Admin Portal
Hello, Hope you are doing well. I wanted to report the following security vulnerability: The Acronis Cloud Manager Admin Portal default swagger UI is vulnerable to cross site scripting. I have the API running locally on my machine. I have attached screenshots of the XSS The URL is:...
brat-frontend-editor (>=0.0.19 <=0.3.42), frontend-editor (>=0.0.1 <=0.0.5) +3 more potentially affected by CVE-2021-20086 via jquery-bbq (>=0.0.1 <=1.0.0)
jquery-bbq NPM version =0.0.1, =0.0.19, =0.0.1, =0.0.1, =2.1.3, =2.2.3-a Source cves: CVE-2021-20086 Source advisory: OSV:GHSA-7W8J-85WM-6XFQ...
GitLab: Stored XSS in repository file viewer
Summary There exists XSS in swagger-ui version used in GitLab open API viewer. The XSS exists due to the old version of DOMpurify used in swagger-ui that allows an attacker can inject any HTML elements with any attributes except script tag on the page. The XSS in POC requires 1 click anywhere on...
The vulnerability of the Cascading Style Sheets (CSS) component of the Swagger UI tool for creating interactive documentation allows a attacker to perform a cross-site scripting attack.
The vulnerability of the Cascading Style Sheets CSS component of the Swagger UI tool for creating interactive documentation is related to the lack of protective measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform a cross-site scripting attack...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W992-2GMJ-9XXJ...
GHSA-W992-2GMJ-9XXJ Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package allows HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 2.2.1 or later...
Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package allows HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 2.2.1 or later...
GHSA-22Q9-HQM5-MHMC Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to encode output in GET requests. The request is meant to respond with Content-Type application/json which does not trigger the vulnerability but if the web server changes the header to text/html i...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: unknown CVE Source advisory: OSV:GHSA-22Q9-HQM5-MHMC...
Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to encode output in GET requests. The request is meant to respond with Content-Type application/json which does not trigger the vulnerability but if the web server changes the header to text/html i...
Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using tags in the method descriptions. Recommendation Upgrade to version 2.2.1 or later...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: unknown CVE Source advisory: OSV:GHSA-VP93-GCX5-4W52...
GHSA-VP93-GCX5-4W52 Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using tags in the method descriptions. Recommendation Upgrade to version 2.2.1 or later...
@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +192 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=2.2.8)
swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-388G-JWPG-X6J4...
@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=3.20.7)
swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-4F9M-PXWH-68HG...
Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 3.0.13 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize YAML files imported from URLs or copied-pasted. This may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 3.0.13 or later...
GHSA-388G-JWPG-X6J4 Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 3.0.13 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize YAML files imported from URLs or copied-pasted. This may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 3.0.13 or later...
GHSA-4F9M-PXWH-68HG Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 3.20.9 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 3.20.9 or later...
Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 3.20.9 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize URLs used in the OAuth auth flow, which may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 3.20.9 or later...