VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-ybf8-7h5c-3bbu

Vulnerability ID	VCID-ybf8-7h5c-3bbu
Aliases	CVE-2016-1000239
Summary	XSS in URL Query String Parameter In versions 2.1.0-M1 and 2.1.0-M2, swagger-ui has a cross site scripting (XSS) vulnerability in the `url` query string parameter.
Status	Published
Exploitability	0.5
Weighted Severity	8.2
Risk	4.1
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3	9.1	https://github.com/nodejs/security-wg/blob/main/vuln/npm/137.json
cvssv3	9.1	https://github.com/swagger-api/swagger-ui/issues/1262

Reference id	Reference type	URL
		https://github.com/swagger-api/swagger-ui/issues/1262
137		https://github.com/nodejs/security-wg/blob/main/vuln/npm/137.json

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T03:45:03.503245+00:00	Npm Importer	Import	https://github.com/nodejs/security-wg/blob/main/vuln/npm/137.json	38.6.0