Posts by Scott Davis

2 min Exploits

R7-2016-19: Persistent XSS via Unescaped Parameters in Swagger-UI (CVE-2016-5682)

Parameters within a Swagger document are insecurely loaded into a browser based documentation. Persistent XSS occurs when this documentation is then hosted together on a public site. This issue was resolved in Swagger-UI 2.2.1 []. Summary One of the components used to build the interactive documentation portion of the swagger ecosystem is the Swagger-UI []. This interface generates dynamic docu

5 min Vulnerability Disclosure

R7-2016-06: Remote Code Execution via Swagger Parameter Injection (CVE-2016-5641)

This disclosure will address a class of vulnerabilities in a Swagger Code Generator [] in which injectable parameters in a Swagger JSON or YAML file facilitate remote code execution. This vulnerability applies to NodeJS [], PHP [], Ruby [], and Java [] and probably other languages as well.  Other code generation tools [] may also be v

3 min Application Security

3 Web App Sec-ian Takeaways From the 2016 DBIR

This year's 2016 Verizon Data Breach Report [/2016/05/02/web-application-security-insights-from-the-2016-verizon-dbir] was a great read. As I spend my days exploring web application security, the report provided a lot of great insight into the space that I often frequent. Lately, I have been researching out of band and second order vulnerabilities as well as how Single Page Applications are affecting application security programs.  The following three takeaways are my gut reaction thoughts on th