CVE-2019-17495
Description
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that
Risk Information
| Metric | Value |
|---|---|
| Base Score | 9.8 (MODERATE) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| EPSS Score (Exploitation Probability) | 11.565 |
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2019-17495 is fixed in IBM WebSphere 20.0.0.1 | Windows |
| CVE-2019-17495 is fixed in SpringFox-swagger-ui 2.10.0 | Windows |
| Multiple vulnerabilities affect IBM Sterling B2B Integrator 6.1.2.5 | Windows |
| CVE-2019-17495 is fixed in WebJars - swagger-ui 3.23.11 | Windows |
| Multiple vulnerabilities affect IBM Planning Analytics Local 2.0 | Windows |
| Multiple vulnerabilities affect IBM Business Automation Workflow 19.0 | Windows |
| Multiple vulnerabilities affect IBM Sterling B2B Integrator 6.0.3.9 | Windows |
| CVE-2019-17495 is fixed in SpringFox-swagger-ui for Linux 2.10.0 | Linux |
| CVE-2019-17495 is fixed in WebJars - swagger-ui for Linux 3.23.11 | Linux |
Patch Details
No records found