xss_for_peststore
[Description]:
Cross Site Scripting (XSS) vulnerability in petstore v1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet interface.
[Vulnerability Type]:
Cross Site Scripting (XSS)
[Vendor of Product]:
https://github.com/swagger-api/swagger-petstore
[Affected Product Code Base]:
petstore - v1.0.7
[Affected Component]:
1. API interface: /api/v3/pet — no input filtering or encoding for user-submitted parameters such as 'name' or 'photoUrls';
2. Database storage layer: directly stores unfiltered malicious data (e.g., HTML/JS tags);
3. Front-end rendering module: dynamically loads and renders content without sanitization.
[Attack Vectors]:
1. The attacker injects a malicious script payload (e.g., <script>alert('XSS')</script>) into the 'name' parameter via the POST /api/v3/pet endpoint.
2. Since the server does not filter or encode input, the payload is persistently stored in the database.
3. When other users view the pet's details on the front-end, the malicious script executes in their browser, leading to code execution and potential information disclosure.
[PoC]:
https://gist.github.com/HouqiyuA/9d2c3f0ba075d01631aff879546e419c
[Reference]:
https://github.com/swagger-api/swagger-petstore
https://github.com/swagger-api/swagger-petstore/blob/master/src/main/resources/openapi.yaml
[CVE]:
CVE-2025-29156
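
The front-end rendering gap listed under [Affected Component] can be closed by encoding on output. The following is an added example, not code from the petstore project or from the original report: the helper names `escapeHtml`, `safePhotoUrl` and `renderPet` and the sample record are assumptions made for illustration.

```javascript
// Added example: output encoding for a stored pet record (hypothetical helper names).
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) URLs; anything else yields null.
function safePhotoUrl(value) {
  let url;
  try {
    url = new URL(String(value));
  } catch {
    return null; // not an absolute URL
  }
  return url.protocol === "http:" || url.protocol === "https:" ? url.href : null;
}

// Build the detail markup from an untrusted pet object returned by the API.
function renderPet(pet) {
  const photos = (Array.isArray(pet.photoUrls) ? pet.photoUrls : [])
    .map(safePhotoUrl)
    .filter((u) => u !== null)
    .map((u) => `<img src="${escapeHtml(u)}" alt="">`)
    .join("");
  return `<div class="pet"><h2>${escapeHtml(pet.name)}</h2>${photos}</div>`;
}

// Constructed sample record; the name is the payload quoted in the advisory.
const storedPet = {
  name: "<script>alert('XSS')</script>",
  photoUrls: ["https://example.com/cat.png", "javascript:void(0)", "not a url"],
};
console.log(renderPet(storedPet));
```

Encoding at render time protects viewers even when unfiltered records are already in the database; rejecting markup at POST /api/v3/pet is a complementary control.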