| Vulnerability ID | VCID-r28p-re5d-uya7 |
| Aliases | CVE-2016-1000233, GHSA-mrx7-8hxf-f853, GMS-2020-785 |
| Summary | XSS via Content-type header. By using a malicious server which returns script as the value of the Content-Type header, it is possible to execute arbitrary code using the demonstration capabilities of Swagger-UI. |
| Status | Published |
| Exploitability | 0.5 |
| Weighted Severity | 8.0 |
| Risk | 4.0 |
| Affected and Fixed Packages | Package Details |

| System | Score | Found at |
|---|---|---|
| cvssv3 | 7.3 | https://github.com/nodejs/security-wg/blob/main/vuln/npm/131.json |
| generic_textual | HIGH | https://github.com/swagger-api/swagger-ui |
| generic_textual | HIGH | https://github.com/swagger-api/swagger-ui/commit/331d2be070d89162aa3174a8773ae4a0093f78bc |
| cvssv3 | 7.3 | https://github.com/swagger-api/swagger-ui/issues/1863 |
| generic_textual | HIGH | https://github.com/swagger-api/swagger-ui/issues/1863 |
| generic_textual | HIGH | https://nvd.nist.gov/vuln/detail/CVE-2016-1000233 |
| generic_textual | HIGH | https://www.npmjs.com/advisories/131 |

No EPSS data available for this vulnerability.

| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-02T03:45:03.262424+00:00 | Npm Importer | Import | https://github.com/nodejs/security-wg/blob/main/vuln/npm/131.json | 38.6.0 |