2 matches found
CVE-2016-1000233
CVE-2016-1000233 is a Swagger-UI cross-site scripting vulnerability described in the connected IBM bulletin. The issue arises when a Content-Type: application/javascript header is included while Swagger-UI processes a URL query string parameter, allowing a remote attacker to inject and execute ma...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000233 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000233 Source advisory: OSV:GHSA-MRX7-8HXF-F853...