Vulnerabilities > Smartbear > Swagger UI

DATE CVE VULNERABILITY TITLE RISK
2024-01-15 CVE-2024-22207 Unspecified vulnerability in Smartbear Swagger UI 2.0.0/2.0.1
fastify-swagger-ui is a Fastify plugin for serving Swagger UI.
network
low complexity
smartbear
5.3
2022-03-11 CVE-2018-25031 Improper Input Validation vulnerability in Smartbear Swagger UI
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks.
network
low complexity
smartbear CWE-20
4.3
2019-12-20 CVE-2016-1000229 Cross-site Scripting vulnerability in multiple products
swagger-ui has XSS in key names
network
low complexity
smartbear redhat CWE-79
6.1
2019-10-10 CVE-2019-17495 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value.
network
low complexity
smartbear oracle CWE-352
critical
9.8
2017-04-10 CVE-2016-5682 Cross-site Scripting vulnerability in Smartbear Swagger-Ui
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
network
low complexity
smartbear CWE-79
6.1