https://blog.qife122.com/tags/swagger/ Recent content in Swagger on 办公AI智能小助手 Hugo zh-cn qife Tue, 11 Nov 2025 00:22:09 +0800 https://blog.qife122.com/p/swagger-ui-1.0.3%E8%B7%A8%E7%AB%99%E8%84%9A%E6%9C%ACxss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%B8%8E%E5%88%A9%E7%94%A8/ Tue, 11 Nov 2025 00:22:09 +0800 https://blog.qife122.com/p/swagger-ui-1.0.3%E8%B7%A8%E7%AB%99%E8%84%9A%E6%9C%ACxss%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%B8%8E%E5%88%A9%E7%94%A8/ <h1 id="swagger-ui-103跨站脚本xss">Swagger UI 1.0.3跨站脚本(XSS)</h1> <h2 id="漏洞信息">漏洞信息</h2> <p><strong>发布日期</strong>: 2025.10.29<br> <strong>作者</strong>: ByteReaper0<br> <strong>风险等级</strong>: 低<br> <strong>本地利用</strong>: 否<br> <strong>远程利用</strong>: 是<br> <strong>CVE编号</strong>: CVE-2025-8191<br> <strong>CWE编号</strong>: CWE-79</p> <h2 id="漏洞描述">漏洞描述</h2> <p>CVE-2025-8191是Swagger UI服务中的一个漏洞，由于对description参数过滤不严，导致可以在远程服务器上执行命令。</p>