Lucene search
+L

211 matches found

vulnersOsv
vulnersOsv
added 2020/09/01 3:58 p.m.7 views

@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=2.1.8-M1)

swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G336-C7WV-8HP3...

5.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2020/09/01 3:58 p.m.16 views

Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui are vulnerable to cross-site scripting via the url query string parameter. Recommendation Update to 2.2.1 or later...

4.9AI score
Exploits0References4Affected Software1
OSV
OSV
added 2020/09/01 3:58 p.m.10 views

GHSA-G336-C7WV-8HP3 Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui are vulnerable to cross-site scripting via the url query string parameter. Recommendation Update to 2.2.1 or later...

6.5AI score
Exploits0References4
vulnersOsv
vulnersOsv
added 2020/09/01 3:36 p.m.6 views

@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000233 via swagger-ui (>=2.0.17 <=2.1.8-M1)

swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000233 Source advisory: OSV:GHSA-MRX7-8HXF-F853...

6.3AI score0.00713EPSS
Exploits0
OSV
OSV
added 2020/09/01 3:36 p.m.16 views

GHSA-MRX7-8HXF-F853 Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui are vulnerable to cross-site scripting. This vulnerability exists because swagger-ui automatically executes external Javascript that is loaded in via the url query string parameter when a Content-Type: application/javascript header is included. An attacker can crea...

9AI score0.00713EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2020/09/01 3:36 p.m.29 views

Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui are vulnerable to cross-site scripting. This vulnerability exists because swagger-ui automatically executes external Javascript that is loaded in via the url query string parameter when a Content-Type: application/javascript header is included. An attacker can crea...

3.4AI score0.00713EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2020/09/01 3:30 p.m.66 views

GHSA-P239-93F7-H6XF Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui contain a cross-site scripting vulnerability in the key names of a specific nested object in the JSON document. Proof of Concept The vulnerable object structure is: "definitions": "arbitraryVal": "properties": "": "LoremIpsum" Malicious JSON documents can be loaded...

6.1CVSS6AI score0.01028EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2020/09/01 3:30 p.m.51 views

Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui contain a cross-site scripting vulnerability in the key names of a specific nested object in the JSON document. Proof of Concept The vulnerable object structure is: "definitions": "arbitraryVal": "properties": "": "LoremIpsum" Malicious JSON documents can be loaded...

6.1CVSS2.6AI score0.01028EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2020/09/01 3:28 p.m.6 views

@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000226 via swagger-ui (>=2.0.17 <=2.1.8-M1)

swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000226 Source advisory: OSV:GHSA-7F59-X49P-V8MQ...

5.8AI score0.00713EPSS
Exploits0
OSV
OSV
added 2020/09/01 3:28 p.m.33 views

GHSA-7F59-X49P-V8MQ Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an attacker...

6AI score0.00713EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2020/09/01 3:28 p.m.42 views

Cross-Site Scripting in swagger-ui

Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an attacker...

2.6AI score0.00713EPSS
Exploits0References5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/05/10 5:38 p.m.27 views

Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17495)

Summary IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the relative path...

9.8CVSS0.7AI score0.0558EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/30 4:34 p.m.37 views

Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Swagger UI (CVE-2019-17495)

Summary A Security Vulnerability affects IBM Cloud Private - Swagger UI Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based...

9.8CVSS0.7AI score0.0558EPSS
Exploits1Affected Software1
NVD
NVD
added 2019/12/20 2:15 p.m.28 views

CVE-2016-1000229

swagger-ui has XSS in key names...

6.1CVSS6.6AI score0.04036EPSS
Exploits0References4
Prion
Prion
added 2019/12/20 2:15 p.m.23 views

Design/Logic Flaw

swagger-ui has XSS in key names...

4.3CVSS6.1AI score0.04036EPSS
Exploits0References4Affected Software2
vulnersOsv
vulnersOsv
added 2019/10/15 7:27 p.m.4 views

@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by CVE-2019-17495 via swagger-ui (>=2.0.17 <=3.20.7)

swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...

9.8CVSS6.7AI score0.0558EPSS
Exploits1
OSV
OSV
added 2019/10/15 7:27 p.m.151 views

GHSA-C427-HJC3-WRFW Cross-site scripting in Swagger-UI

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8CVSS9.3AI score0.0558EPSS
Exploits1References15
Github Security Blog
Github Security Blog
added 2019/10/15 7:27 p.m.59 views

Cross-site scripting in Swagger-UI

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8CVSS3.8AI score0.0558EPSS
Exploits1References15Affected Software4
NVD
NVD
added 2019/10/10 10:15 p.m.23 views

CVE-2019-17495

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8CVSS9.5AI score0.0558EPSS
Exploits1References11
OSV
OSV
added 2019/10/10 10:15 p.m.24 views

CVE-2019-17495

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8CVSS9.4AI score
Exploits0References11
Rows per page
Query Builder