Swagger UI Security Vulnerabilities

CVE-2018-25031

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties...

CVSS: 4.3

AI Score: 5.2

EPSS: 0.003

2022-03-11 07:15 AM

CVE-2019-17495

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows ...

CVSS: 9.8

AI Score: 9.3

EPSS: 0.017

2019-10-10 10:15 PM

CVE-2024-22207

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the ...

CVSS: 5.3

AI Score: 5.1

EPSS: 0.001

2024-01-15 04:15 PM