211 matches found
CVE-2024-13700
The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2021-39910
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...
CVE-2019-17495
A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...
CVE-2018-25031
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...
U.S. Dept Of Defense: Swagger UI Injection via Config URL - `███`
A Swagger UI injection vulnerability was identified on a specific endpoint. The issue allowed an attacker to inject custom JSON configuration into the Swagger UI, potentially leading to unspecified consequences...
CVE-2025-27434 Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI)
Due to insufficient input validation, SAP Commerce Swagger UI allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting XSS attack. This could lead to a high impact on the confidentiality, integrity...
Security Bulletin:Vulnerabiilties in swagger-ui and Bootstrap affect watsonx.data
Summary swagger-ui is vulnerable to conduct spoofing attacks. Bootstrap is vulnerable to cross-site scripting. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to...
CVE-2024-13700 Embed Swagger UI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13700 Embed Swagger UI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-13700
The CVE concerns the WordPress plugin Embed Swagger UI (WordPress) up to version 1.0.0, where a Stored Cross-Site Scripting flaw exists in the wpsgui shortcode due to insufficient input sanitization and output escaping. Exploitation requires authentication at contributor level or higher; an attac...
WordPress Embed Swagger UI plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Embed Swagger UI versions = 1.0.0...
WordPress plugin Embed Swagger UI 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2025-2249 · WordPress · Embed Swagger
Name of the Vulnerable Software and Affected Versions: Embed Swagger UI plugin for WordPress version 1.0.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode due to insufficient input sanitization and output escaping on user-supplied...
CVE-2024-54181
IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...
CVE-2024-54181
IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...
CVE-2024-54181
IBM WebSphere Automation 1.7.5 is vulnerable to an OS Command Injection due to improper neutralization of inputs in the Swagger UI. A remote privileged user with Swagger UI access can execute arbitrary code on the system. IBM’s security bulletin confirms affected version 1.7.5 and recommends upgr...
Cross-site Scripting (XSS)
github.com/gotify/server is vulnerable to Cross-site Scripting XSS. The vulnerability is due to outdated Swagger UI, which uses a vulnerable version of DOMPurify, allowing an attacker to execute arbitrary JavaScript through external Swagger config files...
GO-2023-1471 Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server
Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server...
CVE-2024-7314
anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...
AJ-Report 安全漏洞
AJ-Report is an open source visual design tool from anji-plus. A security vulnerability exists in AJ-Report versions prior to 1.4.1, which originates from a remote, unauthenticated attacker who can attach swagger-ui to an HTTP request to bypass authentication and execute arbitrary Java on the...