Lucene search
K

211 matches found

osv
osv
added 2017/04/10 3:59 a.m.18 views

CVE-2016-5682

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...

6.1CVSS5.7AI score
Exploits0References1
nvd
nvd
added 2017/04/10 3:59 a.m.25 views

CVE-2016-5682

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...

6.1CVSS6.6AI score0.01028EPSS
Exploits0References1
cvelist
cvelist
added 2017/04/10 3:0 a.m.26 views

CVE-2016-5682

Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...

6.3AI score0.01028EPSS
Exploits0References1
cve
cve
added 2017/04/10 3:0 a.m.79 views

CVE-2016-5682

Swagger-UI is affected by an XSS vulnerability in the Definitions section via the Default field, affecting versions before 2.2.1. The issue allows a remote attacker to inject script that could run in a victim’s browser and potentially steal cookie-based credentials. Remediation per the provided s...

6.1CVSS5.8AI score0.01028EPSS
Exploits0References1Affected Software1
redhat
redhat
added 2017/04/03 9:2 p.m.90 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS7.6AI score0.99906EPSS
Exploits21References12
redhatcve
redhatcve
added 2016/09/20 7:48 a.m.31 views

CVE-2016-1000229

It was found that swagger-ui contains a cross site scripting XSS vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files...

6.1CVSS3.1AI score0.04036EPSS
Exploits0References2
nodejs
nodejs
added 2016/08/08 2:38 p.m.34 views

Cross-Site Scripting

Overview Affected versions of swagger-ui are vulnerable to cross-site scripting via the url query string parameter. Recommendation Update to 2.2.1 or later. References - GitHub Issue - GitHub Advisory...

6.3AI score
Exploits0Affected Software1
nodejs
nodejs
added 2016/07/22 9:20 p.m.22 views

Cross-Site Scripting

Overview Affected versions of swagger-ui are vulnerable to cross-site scripting. This vulnerability exists because swagger-ui automatically executes external Javascript that is loaded in via the url query string parameter when a Content-Type: application/javascript header is included. An attacker...

3.2AI score0.00713EPSS
Exploits0Affected Software1
nodejs
nodejs
added 2016/07/21 5:1 p.m.36 views

Cross-Site Scripting

Overview Affected versions of swagger-ui contain a cross-site scripting vulnerability in the key names of a specific nested object in the JSON document. Proof of Concept The vulnerable object structure is: "definitions": "arbitraryVal": "properties": "": "LoremIpsum" Malicious JSON documents can ...

4.3CVSS2.9AI score0.01028EPSS
Exploits0Affected Software1
nodejs
nodejs
added 2016/07/20 5:45 p.m.27 views

Cross-Site Scripting

Overview Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an...

1.9AI score0.00713EPSS
Exploits0Affected Software1
openbugbounty
openbugbounty
added 2016/05/23 8:56 a.m.14 views

kubernetes.io XSS vulnerability

Vulnerable URL: http://kubernetes.io/kubernetes/thirdparty/swagger-ui/?url=https://gist.githubusercontent.com/anonymous/4a5ece3c91b803536c3a81811af24225/raw/cb666406da086e666a74cf9219fcdc2e07100d9f/5742c4bee4b01190df6d640c.json Details: Description| Value ---|--- Patched:| No Latest check for...

6.3AI score
Exploits0
Rows per page
Query Builder