Vulnerabilities > Smartbear > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-01-15 | CVE-2024-22207 | Insecure Default Initialization of Resource vulnerability in Smartbear Swagger UI 2.0.0/2.0.1 | fastify-swagger-ui is a Fastify plugin for serving Swagger UI. | network | low complexity | smartbear | CWE-1188 | 5.3 |
| 2022-03-11 | CVE-2018-25031 | Improper Input Validation vulnerability in Smartbear Swagger UI | Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. | network | low complexity | smartbear | CWE-20 | 4.3 |
| 2022-03-11 | CVE-2021-46708 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Smartbear Swagger-Ui-Dist | The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. | network | low complexity | smartbear | CWE-1021 | 6.1 |
| 2022-03-10 | CVE-2021-41657 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Smartbear Collaborator 6.1.6102 | SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. | network | low complexity | smartbear | CWE-1021 | 6.1 |
| 2021-03-11 | CVE-2021-21364 | Incorrect Permission Assignment for Critical Resource vulnerability in Smartbear Swagger-Codegen | swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. | local | low complexity | smartbear | CWE-732 | 5.5 |
| 2019-12-20 | CVE-2016-1000229 | Cross-site Scripting vulnerability in multiple products | swagger-ui has XSS in key names | network | low complexity | smartbear redhat | CWE-79 | 6.1 |
| 2017-04-10 | CVE-2016-5682 | Cross-site Scripting vulnerability in Smartbear Swagger-Ui | Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. | network | low complexity | smartbear | CWE-79 | 6.1 |