{"id":9034,"date":"2025-07-26T09:36:20","date_gmt":"2025-07-26T09:36:20","guid":{"rendered":"http:\/\/localhost\/?p=9034"},"modified":"2025-07-26T09:36:20","modified_gmt":"2025-07-26T09:36:20","slug":"macrozheng-mall-swagger-ui-indexhtml-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9034","title":{"rendered":"macrozheng mall Swagger UI index.html cross site scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nmacrozheng mall Swagger UI index.html cross site scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-26T13:32:05.276Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-26T13:32:05.276Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nmacrozheng<\/td>\n<\/tr>\n
Product<\/th>\nmall<\/td>\n<\/tr>\n
Version<\/th>\n1.0.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.1 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:P\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA cross-site scripting (XSS) vulnerability in the Swagger UI component of macrozheng mall allows remote attackers to execute scripts via the configUrl argument. This affects versions up to 1.0.3. The vendor has not responded to disclosure attempts.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nmacrozheng<\/td>\n<\/tr>\n
AI Product<\/th>\nmacrozheng mall<\/td>\n<\/tr>\n
AI Version<\/th>\n1.0.0, 1.0.1, 1.0.2, 1.0.3<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n