Dmitry created CXF-9075:
---------------------------

             Summary: html injection in swagger-ui
                 Key: CXF-9075
                 URL: https://issues.apache.org/jira/browse/CXF-9075
             Project: CXF
          Issue Type: Bug
    Affects Versions: 4.0.5
            Reporter: Dmitry
         Attachments: image-2024-11-03-00-46-59-847.png, image-2024-11-03-00-47-41-433.png, image-2024-11-03-00-48-18-602.png

Good afternoon!
I use cxf-rt-rs-service-description-swagger 4.0.5
Today I checked for this vulnerability and it works :(:
https://www.youtube.com/watch?v=zWjOK5FxfEY

Steps to reproduce:
1) Get the URL of the Swagger UI:
http://127.0.0.1:18081/api-docs?url=/openapi.json
2) Write an address with HTML injection there:
http://127.0.0.1:18081/api-docs?configUrl=https://gist.githubusercontent.com/zenelite123/af28f9b61759b800cb65f93ae7227fb5/raw/04003a9372ac6a5077ad76aa3d20f2e76635765b/test.json#/
Result:
(see attachment image-2024-11-03-00-48-18-602.png)

Do you know how to prohibit setting a random URL after "configUrl" and "config", like here:
https://openapi.wb.ru/content/swagger/api/ru/#/

Should I do something with the OpenApiFeature settings? Or change something in the webjars.swagger-ui dependency?
Thanks!
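One way to stop a caller from pointing Swagger UI at their own configuration or spec, at the JAX-RS request boundary rather than inside the UI, as an added example; this is not CXF's code and not part of the report. The filter class name, the "api-docs" path and the "/openapi.json" allowlist entry are assumptions to adapt to the deployment.

```java
import java.util.Set;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.PreMatching;
import jakarta.ws.rs.core.MultivaluedMap;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.Provider;

/**
 * Hypothetical hardening filter (not part of CXF): rejects Swagger UI requests
 * whose query string tries to load caller-chosen remote content through the
 * configUrl, config, urls or url parameters. Register it with the JAX-RS
 * application alongside OpenApiFeature.
 */
@Provider
@PreMatching
public class SwaggerUiQueryGuard implements ContainerRequestFilter {

    // Path under which OpenApiFeature serves Swagger UI (assumption: "api-docs").
    private static final String SWAGGER_UI_PATH = "api-docs";

    // Query parameters that make Swagger UI fetch a configuration or spec list
    // from wherever the URL says; there is no legitimate same-origin use here.
    private static final Set<String> REMOTE_LOADERS = Set.of("configUrl", "config", "urls");

    // The only spec location the UI may be told to load (assumption: same-origin path).
    private static final Set<String> ALLOWED_SPEC_URLS = Set.of("/openapi.json");

    @Override
    public void filter(ContainerRequestContext ctx) {
        String path = ctx.getUriInfo().getPath();
        if (!path.equals(SWAGGER_UI_PATH) && !path.startsWith(SWAGGER_UI_PATH + "/")) {
            return; // not the Swagger UI endpoint, nothing to check
        }
        MultivaluedMap<String, String> query = ctx.getUriInfo().getQueryParameters();
        for (String name : query.keySet()) {
            // "url" is allowed only with allowlisted values; the remote loaders never.
            boolean allowed = !REMOTE_LOADERS.contains(name)
                    && (!"url".equals(name) || ALLOWED_SPEC_URLS.containsAll(query.get(name)));
            if (!allowed) {
                ctx.abortWith(Response.status(Response.Status.BAD_REQUEST)
                        .entity("Swagger UI query parameter not permitted: " + name)
                        .build());
                return;
            }
        }
    }
}
```

With the filter registered, the configUrl request from step 2 is answered with 400 before the UI page is served, while the step 1 URL still works; if the SwaggerUiConfig of your CXF version exposes a switch for query-string configuration, check that it is disabled as well (whether it does is not confirmed by this report).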


