Skip to content

XSS vulnerability #56

New issue
New issue
Open
Open
XSS vulnerability#56
@guillaume-fr

Description

@guillaume-fr
guillaume-fr
opened on Apr 7, 2025

This implementation is vulnerable to XSS described here https://blog.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/

Reproduction with the following URL /?url=https://jumpy-floor.surge.sh/test.yaml

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions