*Summary*: Hello team, I am a security researcher and I would like to report a security vulnerability in the Swagger UI site that allows for Stored cross-site scripting (XSS) attacks. By accessing the Swagger UI instance through the provided URL, an attacker can execute arbitrary JavaScript code and trigger a popup, indicating the presence of an XSS vulnerability.

*Severity*: High

*Steps to Reproduce:*
1) Open a web browser.
2) Access the following URL: https://swagger.lab.fiware.org/?configUrl=https://xss.smarpo.com/test.json
3) Once the Swagger UI page loads, observe that an XSS payload is executed automatically, resulting in a popup.

Expected Behavior: The Swagger UI instance should sanitize and handle user-supplied input securely, preventing the execution of any malicious code.

Actual Behavior: The Swagger UI instance is vulnerable to XSS attacks, allowing for the execution of arbitrary JavaScript code. This is evident from the automatic execution of a payload that triggers a popup.

*Impact*: The exploitation of this vulnerability could lead to various security risks, including but not limited to:
- Theft of sensitive information (e.g., cookies, session tokens)
- Unauthorized actions on behalf of authenticated users
- Phishing attacks by tricking users into disclosing personal information
- Defacement of the Swagger UI interface
- Disruption of service availability

Read more here: https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/

*Recommendation*: I recommend addressing this XSS vulnerability by implementing proper input sanitization and output encoding mechanisms within the Swagger UI codebase. Additionally, it is crucial to regularly update and patch Swagger UI with the latest security fixes to mitigate potential risks.

POC: Please find the screenshot attached below.

--
Thanks & Regards
Arjith N R
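The report above hinges on Swagger UI accepting a `configUrl` query parameter that points at an attacker-controlled origin. The following is an added example, not code from the report or from the Swagger UI project, showing the defensive side: a strict origin allowlist applied to a user-supplied `configUrl` before it is handed to Swagger UI, so only configuration documents from the deploying site's own origin (or origins it explicitly trusts) are ever loaded. The origin `https://swagger.example.org`, the allowlist contents and the fallback path `/swagger-config.json` are assumptions for illustration; the `queryConfigEnabled` option mentioned in the comments is the Swagger UI configuration switch that controls whether URL search parameters may override configuration at all.

```javascript
// Added example (not the report's or the Swagger UI project's code): vet a
// user-supplied configUrl against an origin allowlist before Swagger UI sees it.
// Assumed deployment: the UI is served from https://swagger.example.org.
const PAGE_ORIGIN = "https://swagger.example.org";          // assumed
const ALLOWED_CONFIG_ORIGINS = [PAGE_ORIGIN];               // constructed allowlist
const DEFAULT_CONFIG_URL = "/swagger-config.json";          // assumed fallback

// Returns true only when rawUrl resolves to an http(s) URL whose full origin
// (scheme + host + port) is on the allowlist. Substring checks on the host are
// deliberately avoided: "swagger.example.org.evil.example" must not pass.
function isAllowedConfigUrl(rawUrl, allowedOrigins = ALLOWED_CONFIG_ORIGINS) {
  let parsed;
  try {
    // Relative paths resolve against the page origin; garbage fails to parse.
    parsed = new URL(rawUrl, PAGE_ORIGIN);
  } catch {
    return false;
  }
  // Rejects javascript:, data:, blob: and any other non-web scheme.
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return false;
  return allowedOrigins.includes(parsed.origin);
}

// Picks the config URL to boot Swagger UI with: the vetted, absolute form of
// ?configUrl=... when it passes the allowlist, otherwise the site's default.
function chooseConfigUrl(search, fallback = DEFAULT_CONFIG_URL) {
  const params = new URLSearchParams(search);
  const candidate = params.get("configUrl");
  if (candidate !== null && isAllowedConfigUrl(candidate)) {
    return new URL(candidate, PAGE_ORIGIN).href;
  }
  return fallback;
}

// Browser-side usage (not executed here; SwaggerUIBundle is only available in
// the page that loads the Swagger UI bundle):
//
//   SwaggerUIBundle({
//     dom_id: "#swagger-ui",
//     // Do the override decision ourselves with the allowlist above ...
//     configUrl: chooseConfigUrl(window.location.search),
//     // ... and keep Swagger UI's own query-parameter override switched off,
//     // so ?configUrl=, ?url= and friends cannot bypass the check.
//     queryConfigEnabled: false,
//   });

module.exports = { isAllowedConfigUrl, chooseConfigUrl };
```

The two layers are intentionally redundant: `queryConfigEnabled: false` stops Swagger UI from honouring any configuration supplied through the URL, and the allowlist lets a deployment that still wants a controlled override offer one without reopening the cross-origin case the report describes.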