Vulnerabilities > Smartbear > Swagger UI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-15 | CVE-2024-22207 | Insecure Default Initialization of Resource vulnerability in Smartbear Swagger UI 2.0.0/2.0.1 fastify-swagger-ui is a Fastify plugin for serving Swagger UI. | 5.3 |
| 2022-03-11 | CVE-2018-25031 | Improper Input Validation vulnerability in Smartbear Swagger UI Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. | 4.3 |
| 2022-03-11 | CVE-2021-46708 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Smartbear Swagger UI The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
| 2019-12-20 | CVE-2016-1000229 | Cross-site Scripting vulnerability in multiple products swagger-ui has XSS in key names | 4.3 |
| 2019-10-10 | CVE-2019-17495 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. | 9.8 |
| 2017-04-10 | CVE-2016-5682 | Cross-site Scripting vulnerability in Smartbear Swagger-Ui Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. | 4.3 |