211 matches found
CVE-2016-5682
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...
CVE-2016-5682
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...
CVE-2016-5682
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section...
CVE-2016-5682
Swagger-UI is affected by an XSS vulnerability in the Definitions section via the Default field, affecting versions before 2.2.1. The issue allows a remote attacker to inject script that could run in a victim’s browser and potentially steal cookie-based credentials. Remediation per the provided s...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
CVE-2016-1000229
It was found that swagger-ui contains a cross site scripting XSS vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files...
Cross-Site Scripting
Overview Affected versions of swagger-ui are vulnerable to cross-site scripting via the url query string parameter. Recommendation Update to 2.2.1 or later. References - GitHub Issue - GitHub Advisory...
Cross-Site Scripting
Overview Affected versions of swagger-ui are vulnerable to cross-site scripting. This vulnerability exists because swagger-ui automatically executes external Javascript that is loaded in via the url query string parameter when a Content-Type: application/javascript header is included. An attacker...
Cross-Site Scripting
Overview Affected versions of swagger-ui contain a cross-site scripting vulnerability in the key names of a specific nested object in the JSON document. Proof of Concept The vulnerable object structure is: "definitions": "arbitraryVal": "properties": "": "LoremIpsum" Malicious JSON documents can ...
Cross-Site Scripting
Overview Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API. Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an...
kubernetes.io XSS vulnerability
Vulnerable URL: http://kubernetes.io/kubernetes/thirdparty/swagger-ui/?url=https://gist.githubusercontent.com/anonymous/4a5ece3c91b803536c3a81811af24225/raw/cb666406da086e666a74cf9219fcdc2e07100d9f/5742c4bee4b01190df6d640c.json Details: Description| Value ---|--- Patched:| No Latest check for...