Lucene search
+L

492 matches found

cve
cve
added 2025/07/20 3:32 p.m.20 views

CVE-2025-7901

Summary (CVE-2025-7901) : The vulnerability affects yangzongzhuan RuoYi versions up to 4.8.1, specifically in the Swagger UI component accessed via /swagger-ui/index.html. The root cause is manipulation of the configUrl parameter in Swagger UI, which can lead to cross‑site scripting. The issue ma...

6.1CVSS4.4AI score0.00732EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2025/07/20 12:0 a.m.6 views

RuoYi 代码注入漏洞

RuoYi is a backend management system for individual developers of RuoYi in China. A code injection vulnerability exists in RuoYi 4.8.1 and earlier versions, which originates from cross-site scripting due to incorrect manipulation of the parameter configUrl in the file /swagger-ui/index.html...

6.1CVSS4.7AI score0.00732EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2025/07/20 12:0 a.m.14 views

PT-2025-30206

Name of the Vulnerable Software and Affected Versions yangzongzhuan RuoYi versions up to 4.8.1 Description A problematic issue exists in yangzongzhuan RuoYi related to the processing of the /swagger-ui/index.html file within the Swagger UI component. Manipulation of the configUrl argument can lea...

6.1CVSS3.4AI score0.00732EPSS
Exploits1References10
osv
osv
added 2025/06/11 3:55 a.m.5 views

MAL-2025-4926 Malicious code in mh-swagger-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c511d3eda3b228d180191f4caee04bad5746d8134a082644b776b462f4b2eb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
ossf
ossf
added 2025/06/11 3:55 a.m.6 views

Malicious code in mh-swagger-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4c511d3eda3b228d180191f4caee04bad5746d8134a082644b776b462f4b2eb7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
vulncheck_kev
vulncheck_kev
added 2025/05/27 12:0 a.m.8 views

VulnCheck KEV: CVE-2024-7314

anji-plus AJ-Report is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java on the victim server. Exploitation evidence was observed by the Shadowserver Foundation on...

9.8CVSS6AI score0.51468EPSS
Exploits2References1
redhatcve
redhatcve
added 2025/05/23 9:46 a.m.10 views

CVE-2024-25712

http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded via httpSwagger.WrapHandler and webdav.memFile can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because if a solution continued to allow...

7.8CVSS5.8AI score0.02402EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/23 9:35 a.m.12 views

CVE-2024-22207

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...

5.3CVSS5.1AI score0.02001EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 7:35 a.m.9 views

CVE-2024-13700

The Embed Swagger UI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsgui' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.00212EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 6:47 p.m.6 views

CVE-2021-39910

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature...

4.3CVSS6.6AI score0.00955EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 10:2 a.m.7 views

CVE-2019-17495

A Cascading Style Sheets CSS injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite RPO technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows th...

9.8CVSS7AI score0.0558EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/05/22 8:59 a.m.11 views

CVE-2018-25031

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parti...

4.3CVSS6.6AI score0.42326EPSS
Exploits4References1
hackerone
hackerone
added 2025/05/02 5:57 p.m.10 views

U.S. Dept Of Defense: Swagger UI Injection via Config URL - `███`

A Swagger UI injection vulnerability was identified on a specific endpoint. The issue allowed an attacker to inject custom JSON configuration into the Swagger UI, potentially leading to unspecified consequences...

7.3AI score
Exploits0
bdu_fstec
bdu_fstec
added 2025/04/09 12:0 a.m.8 views

The vulnerability of the Swagger UI interactive console of the SAP Commerce platform allows attackers to influence the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Swagger UI interactive console of the SAP Commerce platform is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to influence the confidentiality, integrity, and accessibility of the protected...

10CVSS5.5AI score0.00439EPSS
Exploits0References2
cvelist
cvelist
added 2025/03/11 12:39 a.m.17 views

CVE-2025-27434 Cross-Site Scripting (XSS) vulnerability in SAP Commerce (Swagger UI)

Due to insufficient input validation, SAP Commerce Swagger UI allows an unauthenticated attacker to inject the malicious code from remote sources, which can be leveraged by an attacker to execute a cross-site scripting XSS attack. This could lead to a high impact on the confidentiality, integrity...

8.8CVSS0.00439EPSS
Exploits0References2
ibm
ibm
added 2025/02/27 1:28 p.m.21 views

Security Bulletin:Vulnerabiilties in swagger-ui and Bootstrap affect watsonx.data

Summary swagger-ui is vulnerable to conduct spoofing attacks. Bootstrap is vulnerable to cross-site scripting. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to...

6.1CVSS6.3AI score0.42326EPSS
Exploits10Affected Software1
bdu_fstec
bdu_fstec
added 2025/02/25 12:0 a.m.8 views

The vulnerability of the Grafana monitoring and surveillance platform’s interface allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of the Grafana monitoring and observation platform’s interface is related to the lack of measures taken to protect the website structure during the processing of the /swagger endpoint. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...

6.4CVSS7.4AI score
Exploits0References5Affected Software8
redhatcve
redhatcve
added 2025/02/05 7:36 p.m.10 views

CVE-2022-39258

mailcow is a mailserver suite. A vulnerability innversions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker controller place to steal Swagger authorization credentials or create a phishing page to stea...

8.2CVSS6.6AI score0.00632EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 4:14 a.m.7 views

CVE-2024-54181

IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system...

7.2CVSS7.8AI score0.00973EPSS
Exploits0References1
cve
cve
added 2025/01/30 1:41 p.m.49 views

CVE-2024-13700

The CVE concerns the WordPress plugin Embed Swagger UI (WordPress) up to version 1.0.0, where a Stored Cross-Site Scripting flaw exists in the wpsgui shortcode due to insufficient input sanitization and output escaping. Exploitation requires authentication at contributor level or higher; an attac...

6.4CVSS5.7AI score0.00212EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder