211 matches found
Security Bulletin: IBM webMethods Integration is affected by vulnerable swagger-ui library
Summary IBM webMethods Integration - Designer Service Development is affected by vulnerable swagger-ui library. CVE-2018-25031/CWE-20 Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a...
Malicious code in koa2-swagger-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31fd12270f2d2a5b53bfaf3aabcbae8d26a7eec21613c28e4673369a33025ba5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
@citrineos/ocpi-base (>=2.0.0 <=2.0.1), @citrineos/ocpi-cdrs (>=2.0.0 <=2.0.1) +16 more potentially affected by unknown CVE via koa2-swagger-ui (>=5.0.5 <=5.11.0)
koa2-swagger-ui NPM version =5.0.5, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.5.0, =0.1.1, =0.1.0, =0.5.0 - @trey.turner/artifacts-mocks-counterfact =0.0.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-KOA2SWAGGERUI-12704865...
Embedded Malicious Code
Overview koa2-swagger-ui is a swagger ui for a koa v2 app Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It...
Swagger UI 1.0.3 - Cross-Site Scripting (XSS)
/ Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-8191 Title : Swagger UI 1.0.3 - Cross-Site Scripting XSS Description : CVE-2025-8191, a vulnerability in the Swagger UI service due to poor description parameter filtering, leading to command execution on a remote server. / include...
CVE-2025-8191
A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...
Exploit for CVE-2025-8191
CVE-2025-8191 – Swagger UI XSS Injection Description :...
CVE-2025-8191
A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...
CVE-2025-8191 macrozheng mall Swagger UI index.html cross site scripting
A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...
CVE-2025-8191 macrozheng mall Swagger UI index.html cross site scripting
A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...
CVE-2025-8191
The CVE-2025-8191 entry concerns macrozheng mall (version ≤ 1.0.3) exposing a Cross-Site Scripting (XSS) vulnerability in Swagger UI by manipulating the configUrl parameter in /swagger-ui/index.html. The root cause is an input handling flaw in the Swagger UI component that enables remote executio...
CVE-2025-8191 macrozheng mall Swagger UI index.html cross site scripting
A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...
CVE-2025-7901
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be...
CVE-2025-7901
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be...
CVE-2025-7901 yangzongzhuan RuoYi Swagger UI index.html cross site scripting
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be...
CVE-2025-7901
Summary (CVE-2025-7901) : The vulnerability affects yangzongzhuan RuoYi versions up to 4.8.1, specifically in the Swagger UI component accessed via /swagger-ui/index.html. The root cause is manipulation of the configUrl parameter in Swagger UI, which can lead to cross‑site scripting. The issue ma...
CVE-2025-7901 yangzongzhuan RuoYi Swagger UI index.html cross site scripting
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be...
CVE-2025-7901 yangzongzhuan RuoYi Swagger UI index.html cross site scripting
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be...
PT-2025-30206
Name of the Vulnerable Software and Affected Versions yangzongzhuan RuoYi versions up to 4.8.1 Description A problematic issue exists in yangzongzhuan RuoYi related to the processing of the /swagger-ui/index.html file within the Swagger UI component. Manipulation of the configUrl argument can lea...
CVE-2024-22207
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...