PT-2020-7939 · Unknown · Swagger-Ui

Published

2020-09-01

Updated

2020-09-01

CVE-2016-1000233

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions: swagger-ui versions prior to 2.2.1

Description: The issue exists due to the automatic execution of external Javascript loaded via the url query string parameter when a Content-Type: application/javascript header is included. An attacker can create a malicious script and craft a URL that includes the location to their server/script in the url query string parameter, allowing the execution of the malicious script when the link is viewed.

Recommendations: Update to version 2.2.1 or later.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2016-1000233

GHSA-MRX7-8HXF-F853

Affected Products

Swagger-Ui

PT-2020-7939 · Unknown · Swagger-Ui

CVE-2016-1000233

Weakness Enumeration

Related Identifiers

Affected Products

References · 6