Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-25031
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Swagger UI 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Swagger UI是一款支持可视化API资源并能够与之进行交互的开源工具。 Swagger-api Swagger UI 4.1.3之前版本中存在安全漏洞,该漏洞源于软件缺少对于用户提交的URL数据过滤和转义。攻击者可以通过特制的URL数据利用该漏洞进行欺骗攻击并显示远程OpenAPI定义。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2018-25031
#POC DescriptionSource LinkShenlong Link
1.json and .yaml files used to exploit CVE-2018-25031https://github.com/afine-com/CVE-2018-25031POC Details
2Nonehttps://github.com/kriso4os/CVE-2018-25031POC Details
3Exploit Swagger UI - User Interface (UI) Misrepresentation of Critical Information (CVE-2018-25031)https://github.com/rafaelcintralopes/SwaggerUI-CVE-2018-25031POC Details
4CVE-2018-25031 testshttps://github.com/mathis2001/CVE-2018-25031POC Details
5CVE-2018-25031 Test PoChttps://github.com/wrkk112/CVE-2018-25031POC Details
6Nonehttps://github.com/LUCASRENAA/CVE-2018-25031POC Details
7PoC of CVE-2018-25031https://github.com/hev0x/CVE-2018-25031-PoCPOC Details
8Nonehttps://github.com/ThiiagoEscobar/CVE-2018-25031POC Details
9Nonehttps://github.com/johnlaurance/CVE-2018-25031-test2POC Details
10Nonehttps://github.com/nullbyter19/CVE-2018-25031POC Details
11A simple POC (CVE-2018-25031https://github.com/geozin/POC-CVE-2018-25031POC Details
12Nonehttps://github.com/h2oa/CVE-2018-25031POC Details
13Nonehttps://github.com/natpakun/SSRF-CVE-2018-25031-POC Details
14CVE-2018-25031-SGhttps://github.com/KonEch0/CVE-2018-25031-SGPOC Details
15Testing for exploitationhttps://github.com/Proklinius897/CVE-2018-25031-testsPOC Details
16Nonehttps://github.com/MMAKINGDOM/CVE-2018-25031POC Details
17Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. https://github.com/projectdiscovery/nuclei-templates/blob/main/headless/cves/2018/CVE-2018-25031.yamlPOC Details
18CVE-2018-25031https://github.com/nigartest/CVE-2018-25031POC Details
19Nonehttps://github.com/faccimatteo/CVE-2018-25031POC Details
20Nonehttps://github.com/h4ckt0m/CVE-2018-25031-testPOC Details
21Nonehttps://github.com/rasinfosec/CVE-2018-25031POC Details
22POC for Testing HTML Injection in Swagger UI (CVE-2018-25031).https://github.com/rh007pt/swagger-uiPOC Details
23POC for Testing HTML Injection in Swagger UI (CVE-2018-25031).https://github.com/RelicHunt3r/swagger-uiPOC Details
24Nonehttps://github.com/labeebSabbah/CVE-2018-25031POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2018-25031
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2018-25031

No comments yet

Leave a comment