Lucene search
K

211 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/09/30 11:48 a.m.15 views

Security Bulletin: IBM webMethods Integration is affected by vulnerable swagger-ui library

Summary IBM webMethods Integration - Designer Service Development is affected by vulnerable swagger-ui library. CVE-2018-25031/CWE-20 Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a...

4.3CVSS6.5AI score0.42326EPSS
Exploits4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/15 11:50 p.m.3 views

Malicious code in koa2-swagger-ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 31fd12270f2d2a5b53bfaf3aabcbae8d26a7eec21613c28e4673369a33025ba5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References6
vulnersOsv
vulnersOsv
added 2025/09/15 7:39 a.m.7 views

@citrineos/ocpi-base (>=2.0.0 <=2.0.1), @citrineos/ocpi-cdrs (>=2.0.0 <=2.0.1) +16 more potentially affected by unknown CVE via koa2-swagger-ui (>=5.0.5 <=5.11.0)

koa2-swagger-ui NPM version =5.0.5, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =0.5.0, =0.1.1, =0.1.0, =0.5.0 - @trey.turner/artifacts-mocks-counterfact =0.0.1 and more Source cves: unknown CVE Source advisory: SNYK:JS-KOA2SWAGGERUI-12704865...

5.8AI score
Exploits0
Snyk
Snyk
added 2025/09/15 7:39 a.m.2 views

Embedded Malicious Code

Overview koa2-swagger-ui is a swagger ui for a koa v2 app Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It...

9.8CVSS7AI score
Exploits0References2
Exploit DB
Exploit DB
added 2025/08/03 12:0 a.m.471 views

Swagger UI 1.0.3 - Cross-Site Scripting (XSS)

/ Author : Byte Reaper Telegram : @ByteReaper0 CVE : CVE-2025-8191 Title : Swagger UI 1.0.3 - Cross-Site Scripting XSS Description : CVE-2025-8191, a vulnerability in the Swagger UI service due to poor description parameter filtering, leading to command execution on a remote server. / include...

5.4CVSS3.9AI score0.01646EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/07/28 2:21 p.m.6 views

CVE-2025-8191

A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...

5.4CVSS3.5AI score0.01646EPSS
Exploits3References1
GithubExploit
GithubExploit
added 2025/07/28 3:9 a.m.274 views

Exploit for CVE-2025-8191

CVE-2025-8191 – Swagger UI XSS Injection Description :...

5.1CVSS4.6AI score0.01646EPSS
Exploits3
NVD
NVD
added 2025/07/26 2:15 p.m.7 views

CVE-2025-8191

A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...

5.4CVSS0.01646EPSS
Exploits3References5
Vulnrichment
Vulnrichment
added 2025/07/26 1:32 p.m.5 views

CVE-2025-8191 macrozheng mall Swagger UI index.html cross site scripting

A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...

5.1CVSS3.4AI score0.01646EPSS
Exploits3References5
Cvelist
Cvelist
added 2025/07/26 1:32 p.m.13 views

CVE-2025-8191 macrozheng mall Swagger UI index.html cross site scripting

A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...

5.1CVSS0.01646EPSS
Exploits3References5
CVE
CVE
added 2025/07/26 1:32 p.m.73 views

CVE-2025-8191

The CVE-2025-8191 entry concerns macrozheng mall (version ≤ 1.0.3) exposing a Cross-Site Scripting (XSS) vulnerability in Swagger UI by manipulating the configUrl parameter in /swagger-ui/index.html. The root cause is an input handling flaw in the Swagger UI component that enables remote executio...

5.4CVSS3.7AI score0.01646EPSS
Exploits3References5Affected Software1
OSV
OSV
added 2025/07/26 1:32 p.m.5 views

CVE-2025-8191 macrozheng mall Swagger UI index.html cross site scripting

A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the...

5.1CVSS3.8AI score0.01646EPSS
Exploits3References7
RedhatCVE
RedhatCVE
added 2025/07/22 3:59 p.m.14 views

CVE-2025-7901

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be...

6.1CVSS6.5AI score0.00732EPSS
Exploits1References1
NVD
NVD
added 2025/07/20 4:15 p.m.7 views

CVE-2025-7901

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be...

6.1CVSS0.00732EPSS
Exploits1References4
OSV
OSV
added 2025/07/20 3:32 p.m.6 views

CVE-2025-7901 yangzongzhuan RuoYi Swagger UI index.html cross site scripting

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be...

5.3CVSS3.8AI score0.00732EPSS
Exploits1References6
CVE
CVE
added 2025/07/20 3:32 p.m.19 views

CVE-2025-7901

Summary (CVE-2025-7901) : The vulnerability affects yangzongzhuan RuoYi versions up to 4.8.1, specifically in the Swagger UI component accessed via /swagger-ui/index.html. The root cause is manipulation of the configUrl parameter in Swagger UI, which can lead to cross‑site scripting. The issue ma...

6.1CVSS4.4AI score0.00732EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/07/20 3:32 p.m.21 views

CVE-2025-7901 yangzongzhuan RuoYi Swagger UI index.html cross site scripting

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be...

5.3CVSS0.00732EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/07/20 3:32 p.m.6 views

CVE-2025-7901 yangzongzhuan RuoYi Swagger UI index.html cross site scripting

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be...

5.3CVSS4.3AI score0.00732EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/07/20 12:0 a.m.11 views

PT-2025-30206

Name of the Vulnerable Software and Affected Versions yangzongzhuan RuoYi versions up to 4.8.1 Description A problematic issue exists in yangzongzhuan RuoYi related to the processing of the /swagger-ui/index.html file within the Swagger UI component. Manipulation of the configUrl argument can lea...

6.1CVSS3.4AI score0.00732EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2025/05/23 9:35 a.m.12 views

CVE-2024-22207

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5.1AI score0.02001EPSS
Exploits0References1
Rows per page
Query Builder