Home / Security updates / UIPS-2023-001 - Security Advisory - UiPath Orchestrator - Swagger DOM Cross-Site Scripting (XSS)
UIPS-2023-001 - Security Advisory - UiPath Orchestrator - Swagger DOM Cross-Site Scripting (XSS)
Security updates detail rendered from /security-updates/upd_8062512902b42c5c.
Overview
| ID | upd_8062512902b42c5c |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | UiPath |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_8062512902b42c5c |
| providerId | safebase |
| organizationId | org_33d000fdc8a62017 |
| trustCenterId | tc_7d7ee18589030c52 |
| title | UIPS-2023-001 - Security Advisory - UiPath Orchestrator - Swagger DOM Cross-Site Scripting (XSS) |
| message | **Title: UIPS-2023-001- Security Advisory - Swagger DOM Cross-Site Scripting (XSS)** Publish Date: June 27, 2023 Version: 1.0 General Information Affected Versions: Automation Cloud Orchestrator Orchestrator Standalone Versions: 2020.10.0 - 2020.10.19 2021.10.0 - 2021.10.11 2022.4.0 - 2022.4.7 2022.10.0 - 2022.10.4 2023.4.0 Automation Suite Versions: 2021.10.0 - 2021.10.11 2022.4.0 - 2022.4.7 2022.10.0 - 2022.10.4 2023.4.0 CVSS Score: 6.4 Details: Swagger UI is a popular library used to beautify API specifications and render it to the users. Swagger UI versions 3.14.1 to 3.37.2 suffer from a DOM Cross-Site Scripting (XSS) vulnerability due to an outdated `DomPurify` embedded library and a feature available in the Swagger UI library itself which allows to fetch a remote API specifications file. By crafting a malicious specification file and link it through Swagger UI, an attacker could leverage this vulnerability to execute arbitrary JavaScript in the context of the victim user a |
| url | - |
| publishedAt | 2025-11-21 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_33d000fdc8a62017",
"name": "UiPath",
"domains": [
"trust.uipath.com",
"uipath.com"
]
} |
| trust_center | {
"id": "tc_7d7ee18589030c52",
"name": "UiPath",
"url": "https://trust.uipath.com",
"host": "trust.uipath.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_8062512902b42c5c",
"company": "/v1/companies/org_33d000fdc8a62017",
"trust_center": "/v1/trust-centers/tc_7d7ee18589030c52",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_8062512902b42c5cJSON