SAP Security Note #3569602 addresses a Cross-Site Scripting (XSS) security vulnerability in SAP software, located in the integrated Swagger UI library.
Tracked as CVE-2025-27434, the flaw lies in a Swagger UI component that opens a potentially unintended path for including malicious sources in an XSS attack. A victim has to be tricked into placing a malicious payload into an input field, which may be achieved through social engineering.
If successful, an attacker can compromise the confidentiality, integrity and availability of the application, resulting in a high-risk CVSS score of 8.8.