CVE-2021-46708UI Misrepresentation / Clickjacking in Swagger-ui-dist

CWE-1021UI Misrepresentation / Clickjacking5 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 47.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Smartbear Swagger-ui-dist
Timeline
PublishedMar 11
Latest updateAug 4

Description

The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

Patches

Patch: security.snyk.ioPatch: security.snyk.io

🔴Vulnerability Details

2
GHSA
Spoofing attack in swagger-ui-dist2022-03-12
OSV
Spoofing attack in swagger-ui-dist2022-03-12

💬Community

2
Bugzilla
External authentication prompt injection via unsafe remote file include at https://ctms.prod.mozilla-ess.mozit.cloud/docs2022-08-04
Bugzilla
External authentication prompt injection via unsafe remote file include at https://firefox-newtab-proxy.getpocket.com/docs2022-08-04
CVE-2021-46708 — UI Misrepresentation / Clickjacking | cvebase