Lucene search
K

211 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:35 a.m.9 views

CVE-2024-13700

The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:47 p.m.5 views

CVE-2021-39910

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...

4.3CVSS6.6AI score0.00955EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 a.m.6 views

CVE-2019-17495

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8CVSS7AI score0.0558EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 a.m.11 views

CVE-2018-25031

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...

4.3CVSS6.6AI score0.42326EPSS
Exploits4References1
Hacker One
Hacker One
added 2025/05/02 5:57 p.m.8 views

U.S. Dept Of Defense: Swagger UI Injection via Config URL - `███`

A Swagger UI injection vulnerability was identified on a specific endpoint. The issue allowed an attacker to inject custom JSON configuration into the Swagger UI, potentially leading to unspecified consequences...

7.3AI score
Exploits0
Cvelist
Cvelist
added 2025/03/11 12:39 a.m.13 views

CVE-2025-27434 Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI)

Due to insufficient input validation, SAP Commerce Swagger UI allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting XSS attack. This could lead to a high impact on the confidentiality, integrity...

8.8CVSS0.00439EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/27 1:28 p.m.21 views

Security Bulletin:Vulnerabiilties in swagger-ui and Bootstrap affect watsonx.data

Summary swagger-ui is vulnerable to conduct spoofing attacks. Bootstrap is vulnerable to cross-site scripting. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to...

6.1CVSS6.3AI score0.42326EPSS
Exploits9Affected Software1
Cvelist
Cvelist
added 2025/01/30 1:41 p.m.16 views

CVE-2024-13700 Embed Swagger UI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00212EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/30 1:41 p.m.8 views

CVE-2024-13700 Embed Swagger UI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00212EPSS
Exploits0References2
CVE
CVE
added 2025/01/30 1:41 p.m.48 views

CVE-2024-13700

The CVE concerns the WordPress plugin Embed Swagger UI (WordPress) up to version 1.0.0, where a Stored Cross-Site Scripting flaw exists in the wpsgui shortcode due to insufficient input sanitization and output escaping. Exploitation requires authentication at contributor level or higher; an attac...

6.4CVSS5.7AI score0.00212EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2025/01/30 7:16 a.m.6 views

WordPress Embed Swagger UI plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Embed Swagger UI versions = 1.0.0...

6.4CVSS5.7AI score0.00212EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.4 views

WordPress plugin Embed Swagger UI 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.4CVSS8.2AI score0.00212EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.5 views

PT-2025-2249 · WordPress · Embed Swagger

Name of the Vulnerable Software and Affected Versions: Embed Swagger UI plugin for WordPress version 1.0.0 and earlier Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS7.9AI score0.00212EPSS
Exploits0References8
NVD
NVD
added 2024/12/30 2:15 p.m.31 views

CVE-2024-54181

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...

7.2CVSS0.00973EPSS
Exploits0References1
OSV
OSV
added 2024/12/30 2:15 p.m.8 views

CVE-2024-54181

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...

7.2CVSS6.2AI score0.00973EPSS
Exploits0References1
CVE
CVE
added 2024/12/30 1:41 p.m.73 views

CVE-2024-54181

IBM WebSphere Automation 1.7.5 is vulnerable to an OS Command Injection due to improper neutralization of inputs in the Swagger UI. A remote privileged user with Swagger UI access can execute arbitrary code on the system. IBM’s security bulletin confirms affected version 1.7.5 and recommends upgr...

7.2CVSS7.2AI score0.00973EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2024/10/01 10:1 a.m.3 views

Cross-site Scripting (XSS)

github.com/gotify/server is vulnerable to Cross-site Scripting XSS. The vulnerability is due to outdated Swagger UI, which uses a vulnerable version of DOMPurify, allowing an attacker to execute arbitrary JavaScript through external Swagger config files...

7.1AI score
Exploits0
OSV
OSV
added 2024/08/20 8:25 p.m.11 views

GO-2023-1471 Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server

Reflected XSS in Gotify's /docs via import of outdated Swagger UI in github.com/gotify/server...

6.2AI score
Exploits0References4
OSV
OSV
added 2024/08/02 5:16 p.m.5 views

CVE-2024-7314

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...

9.8CVSS6.1AI score0.51468EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/08/02 12:0 a.m.7 views

AJ-Report 安全漏洞

AJ-Report is an open source visual design tool from anji-plus. A security vulnerability exists in AJ-Report versions prior to 1.4.1, which originates from a remote, unauthenticated attacker who can attach swagger-ui to an HTTP request to bypass authentication and execute arbitrary Java on the...

9.8CVSS7.4AI score0.51468EPSS
Exploits1References7
Rows per page
Query Builder