Smartbear Swagger Ui
By the Year
In 2022 there have been 2 vulnerabilities in Smartbear Swagger Ui with an average score of 5.2 out of ten. Swagger Ui did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2022 as compared to last year.
It may take a day or so for new Swagger Ui vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Smartbear Swagger Ui Security Vulnerabilities
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim
6.1 - Medium
- March 11, 2022
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks
4.3 - Medium
- March 11, 2022
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
Improper Input Validation
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11
9.8 - Critical
- October 10, 2019
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.