Vulnerabilities > Smartbear > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-15 | CVE-2024-22207 | Insecure Default Initialization of Resource vulnerability in Smartbear Swagger UI 2.0.0/2.0.1 fastify-swagger-ui is a Fastify plugin for serving Swagger UI. | 5.3 |
| 2022-03-11 | CVE-2018-25031 | Improper Input Validation vulnerability in Smartbear Swagger UI Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. | 4.3 |
| 2022-03-11 | CVE-2021-46708 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Smartbear Swagger UI The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2022-03-10 | CVE-2021-41657 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Smartbear Collaborator 6.1.6102 SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. | 6.1 |
| 2021-03-11 | CVE-2021-21364 | Incorrect Permission Assignment for Critical Resource vulnerability in Smartbear Swagger-Codegen swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. | 5.5 |
| 2021-03-11 | CVE-2021-21363 | Creation of Temporary File in Directory with Incorrect Permissions vulnerability in Smartbear Swagger-Codegen swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. | 4.4 |
| 2019-12-20 | CVE-2016-1000229 | Cross-site Scripting vulnerability in multiple products swagger-ui has XSS in key names | 4.3 |
| 2018-02-19 | CVE-2017-16670 | Code Injection vulnerability in Smartbear Soapui 5.3.0 The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. | 6.8 |
| 2017-04-10 | CVE-2016-5682 | Cross-site Scripting vulnerability in Smartbear Swagger-Ui Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. | 4.3 |