5 matches found
CVE-2025-29156
Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet...
CVE-2025-29155
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint...
CVE-2025-29157
CVE-2025-29157 concerns the Swagger Petstore sample (version 1.0.7). The issue occurs when an attacker accesses a non-existent endpoint like /cart, causing the server to return a 404 error page that reveals sensitive information, including the servlet name (default) and server version. The descri...
CVE-2025-29156
Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet...
CVE-2025-29156
The CVE-2025-29156 entry concerns the Swagger Petstore sample (petstore) software, version 1.0.7, with a Cross Site Scripting (XSS) vulnerability in the /api/v3/pet endpoint. The root cause is input handling that allows crafted scripts to be processed, enabling a remote attacker to execute arbitr...