CVE-2025-8191

LOW NUCLEI

macrozheng mall < 1.0.3 - Cross-Site Scripting via Swagger UI configUrl Parameter

Title source: llm

Exploitation Summary

EIP tracks 4 public exploits for CVE-2025-8191. PoCs published by Byte Reaper, byteReaper77, YanC1e. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Swagger UI 1.0.3 by crafting a malicious JSON payload that injects JavaScript to exfiltrate cookies. The PoC uses libcurl to send the payload to a vulnerable Swagger UI instance.

Description

A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor deleted the GitHub issue for this vulnerability without any explanation. Afterwards the vendor was contacted early about this disclosure via email but did not respond in any way.

Exploits (4)

exploitdb WORKING POC

by Byte Reaper · cremotemultiple

https://www.exploit-db.com/exploits/52392

View Code ZIP pw:eip

This exploit demonstrates a Cross-Site Scripting (XSS) vulnerability in Swagger UI 1.0.3 by crafting a malicious JSON payload that injects JavaScript to exfiltrate cookies. The PoC uses libcurl to send the payload to a vulnerable Swagger UI instance.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Swagger UI 1.0.3

No auth needed

Prerequisites: Access to a vulnerable Swagger UI instance · Ability to host a malicious JSON file on an attacker-controlled server

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 2 stars

by byteReaper77 · poc

https://github.com/byteReaper77/CVE-2025-8191

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2025-8191, a Cross-Site Scripting (XSS) vulnerability in Swagger UI versions ≤ 1.0.3. The exploit crafts a malicious JSON payload with a script tag in the 'description' field, which is then served via a crafted URL to trigger the XSS.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Swagger UI ≤ 1.0.3

No auth needed

Prerequisites: Target Swagger UI instance accessible via HTTP · Attacker-controlled server to host the malicious JSON payload

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by YanC1e · poc

https://github.com/YanC1e/CVE-2025-8191

View Code ZIP pw:eip

This repository contains functional proof-of-concept exploit code for CVE-2025-8191, demonstrating an XSS vulnerability in Swagger UI. The exploit leverages malicious JavaScript injection in the 'title' and 'description' fields of Swagger YAML files to trigger arbitrary script execution.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Swagger UI (version not specified)

No auth needed

Prerequisites: Access to a vulnerable Swagger UI instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 19, 2026 Full analysis →

nomisec WORKING POC

by mayank-s16 · poc

https://github.com/mayank-s16/Swagger-HTML-Injection-CVE-2025-8191

View Code ZIP pw:eip

This repository demonstrates an HTML injection vulnerability in Swagger UI (CVE-2025-8191) by leveraging the `configURL` parameter to load a malicious YAML configuration. The injected HTML renders a fake login form, showcasing the potential for phishing or credential harvesting.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Swagger UI

No auth needed

Prerequisites: Access to a vulnerable Swagger UI instance · Ability to host a malicious YAML configuration file

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

Swagger UI >=3.14.1 < 3.38.0 - DOM Based Cross-Site Scripting

MEDIUMVERIFIEDby DhiyaneshDK

Shodan: http.component:"Swagger" || http.component:"swagger" || http.favicon.hash:"-1180440057"

FOFA: icon_hash="-1180440057"

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.317604

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.317604

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.615731

Exploit, Third Party Advisory exploit

https://github.com/zast-ai/vulnerability-reports/blob/main/mall/DOM_XSS.md

View Exploit ZIP pw:eip

Broken Link issue-tracking

https://github.com/macrozheng/mall/issues/919

Scores

CVSS v3 3.5

EPSS 0.0068

EPSS Percentile 72.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

macrozheng/mall < 1.0.3

Published Jul 26, 2025

Tracked Since Feb 18, 2026