Veracode Vulnerability Database: VERACODE:34733
Mar 18, 2022 - 5:13 a.m.

Clickjacking

sca.analysiscenter.veracode.com

EPSS: 0.001 (percentile: 51.0%)

swagger-ui is vulnerable to clickjacking. A lack of validation in the SwaggerUI function made it possible to perform a clickjacking attack, allowing a remote attacker to hijack a victim's click actions.

Affected configurations

Vulners node:
smartbear swagger_ui, Range 4.1.2
OR
smartbear swagger-ui-dist, Range 4.1.2 (node.js)

Vendor | Product | Version | CPE
smartbear | swagger_ui | * | cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
smartbear | swagger-ui-dist | * | cpe:2.3:a:smartbear:swagger-ui-dist:*:*:*:*:*:node.js:*:*
