CVE-2016-1000229

MEDIUM

swagger-ui - XSS

Title source: llm

Description

swagger-ui has XSS in key names

Exploits (1)

nomisec WORKING POC

by barteeees · poc

https://github.com/barteeees/SwaggerUI-CVE-2016-1000229

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97580

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2017:0868

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229

[Third Party Advisory] https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json

Scores

CVSS v3 6.1

EPSS 0.0498

EPSS Percentile 89.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (4)

npm/swagger-ui 0 - 2.2.1npm

redhat/jboss_fuse 6.3

redhat/openshift 2.0

smartbear/swagger-ui

Published Dec 20, 2019

Tracked Since Feb 18, 2026