211 matches found
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by unknown CVE via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G336-C7WV-8HP3...
Cross-Site Scripting in swagger-ui
Affected versions of swagger-ui are vulnerable to cross-site scripting via the url query string parameter. Recommendation Update to 2.2.1 or later...
GHSA-G336-C7WV-8HP3 Cross-Site Scripting in swagger-ui
Affected versions of swagger-ui are vulnerable to cross-site scripting via the url query string parameter. Recommendation Update to 2.2.1 or later...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000233 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000233 Source advisory: OSV:GHSA-MRX7-8HXF-F853...
GHSA-MRX7-8HXF-F853 Cross-Site Scripting in swagger-ui
Affected versions of swagger-ui are vulnerable to cross-site scripting. This vulnerability exists because swagger-ui automatically executes external Javascript that is loaded in via the url query string parameter when a Content-Type: application/javascript header is included. An attacker can crea...
Cross-Site Scripting in swagger-ui
Affected versions of swagger-ui are vulnerable to cross-site scripting. This vulnerability exists because swagger-ui automatically executes external Javascript that is loaded in via the url query string parameter when a Content-Type: application/javascript header is included. An attacker can crea...
GHSA-P239-93F7-H6XF Cross-Site Scripting in swagger-ui
Affected versions of swagger-ui contain a cross-site scripting vulnerability in the key names of a specific nested object in the JSON document. Proof of Concept The vulnerable object structure is: "definitions": "arbitraryVal": "properties": "": "LoremIpsum" Malicious JSON documents can be loaded...
Cross-Site Scripting in swagger-ui
Affected versions of swagger-ui contain a cross-site scripting vulnerability in the key names of a specific nested object in the JSON document. Proof of Concept The vulnerable object structure is: "definitions": "arbitraryVal": "properties": "": "LoremIpsum" Malicious JSON documents can be loaded...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000226 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000226 Source advisory: OSV:GHSA-7F59-X49P-V8MQ...
GHSA-7F59-X49P-V8MQ Cross-Site Scripting in swagger-ui
Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an attacker...
Cross-Site Scripting in swagger-ui
Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an attacker...
Security Bulletin: IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17495)
Summary IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: Swagger UI could allow a remote attacker to obtain sensitive information, caused by a CSS injection flaw. By using the relative path...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Swagger UI (CVE-2019-17495)
Summary A Security Vulnerability affects IBM Cloud Private - Swagger UI Vulnerability Details CVEID: CVE-2019-17495 DESCRIPTION: A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based...
CVE-2016-1000229
swagger-ui has XSS in key names...
Design/Logic Flaw
swagger-ui has XSS in key names...
@activeledger/activecore (>=2.0.0-rc5 <=2.0.0-rc.8.0.6), @aktr/node-module-a (=1.0.1) +196 more potentially affected by CVE-2019-17495 via swagger-ui (>=2.0.17 <=3.20.7)
swagger-ui NPM version =2.0.17, =2.0.0-rc5, =1.4.0, =0.0.4, =1.0.2, =7.0.0, =1.3.0, =3.0.0-alpha.0, =0.7.2, =3.0.1, =2.0.0, =0.0.1, =0.2.1 and more Source cves: CVE-2019-17495 Source advisory: OSV:GHSA-C427-HJC3-WRFW...
GHSA-C427-HJC3-WRFW Cross-site scripting in Swagger-UI
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
Cross-site scripting in Swagger-UI
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
CVE-2019-17495
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
CVE-2019-17495
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...