Domain www.geriaplus.at
The Netherlands
-
Swagger API description is publicly available
Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
Those detail every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities like broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
First seen 2026-01-17 15:08
Last seen 2026-02-16 15:30
Open for 30 days-
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549553d32749aaf9ebaa725f2824ff53ee8e5cc752cPublic Swagger UI/API detected at path: /swagger/index.html - sample paths: GET /api/v1/Patients/validationdates GET /api/v1/Patients/{patientId}/dietryAdvices GET /api/v1/Patients/{patientId}/dietryMeasures GET /api/v1/Patients/{patientId}/products GET /api/v1/Patients/{patientId}/weights GET /api/v1/Products GET /api/v1/Products/{productId} GET /api/v1/Stations POST /api/v1/Login/RetreiveAutologinUrl POST /api/v1/Patients POST /api/v1/Patients/Conversion/Height PUT /api/v1/Patients/{patientId} PUT /api/v1/Patients/{patientId}/mna PUT /api/v1/Stations/{stationId}Found on 2026-02-16 15:30
-
-
Open service 52.178.89.129:443 ยท www.geriaplus.at
2026-01-23 03:06
HTTP/1.1 200 OK Content-Length: 21369 Connection: close Content-Type: text/html Date: Fri, 23 Jan 2026 03:06:33 GMT Accept-Ranges: bytes Cache-Control: no-store, public, must-revalidate, no-cache, max-age=0 ETag: "1dc857c5bfceb79" Last-Modified: Wed, 14 Jan 2026 17:36:48 GMT Set-Cookie: ARRAffinity=2448d63b0e80d6df1a0987b7e65878e05fb3f379cf5f89ac26e4205d8c091c81;Path=/;HttpOnly;Secure;Domain=www.geriaplus.at Set-Cookie: ARRAffinitySameSite=2448d63b0e80d6df1a0987b7e65878e05fb3f379cf5f89ac26e4205d8c091c81;Path=/;HttpOnly;SameSite=None;Secure;Domain=www.geriaplus.at Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:770f5d3f-4abb-4fdf-9689-e98d1d775d86 X-Content-Type-Options: nosniff Referrer-Policy: no-referrer X-XSS-Protection: 1; mode=block X-Frame-Options: Deny Content-Security-Policy: script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com data:;frame-ancestors 'self' Feature-Policy: geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none'; Page title: GeriaPlus <!doctype html> <html lang="de" data-beasties-container> <head> <meta charset="utf-8"> <title>GeriaPlus</title> <base href="/"> <link rel="shortcut icon" href="assets/icon/favicon.ico"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="msapplication-TileColor" content="#ffffff"> <meta name="theme-color" content="#ffffff"> <style type="text/css"> body, html, .height-100 { height: 100%; } .app-loading { position: relative; display: flex; flex-direction: column; align-items: center; justify-content: center; height: 100%; overflow: hidden; } .app-loading .spinner { height: 200px; width: 200px; animation: rotate 2s linear infinite; transform-origin: center center; position: absolute; top: 0; bottom: 0; left: 0; right: 0; margin: auto; overflow: hidden; } .app-loading .spinner .path { stroke-dasharray: 1, 200; stroke-dashoffset: 0; animation: dash 1.5s ease-in-out infinite; stroke-linecap: round; stroke: #ddd; } .app-loading .logo { width: 100px; height: 100px; background-size: 100%; background-image: url(./assets/img/logo.geriaplus.png); background-repeat: no-repeat; background-position: center; } @keyframes rotate { 100% { transform: rotate(360deg); } } @keyframes dash { 0% { stroke-dasharray: 1, 200; stroke-dashoffset: 0; } 50% { stroke-dasharray: 89, 200; stroke-dashoffset: -35px; } 100% { stroke-dasharray: 89, 200; stroke-dashoffset: -124px; } } </style> <style>body{height:100vh}:root{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-black:#000;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-gray-100:#f8f9fa;--bs-gray-200:#e9ecef;--bs-gray-300:#dee2e6;--bs-gray-400:#ced4da;--bs-gray-500:#adb5bd;--bs-gray-600:#6c757d;--bs-gray-700:#495057;--bs-gray-800:#343a40;--bs-gray-900:#212529;--bs-primary:#0f9bc7;--bs-secondary:#003d65;--bs-success:#199800;--bs-info:#1ea7ed;--bs-warning:#faa61a;--bs-danger:#e92323;--bs-light:#e8e8e8;--bs-dark:#a5a5a5;--bs-primary-rgb:15, 155, 199;--bs-secondary-rgb:0, 61, 101;--bs-success-rgb:25, 152, 0;--bs-info-rgb:30, 167, 237;--bs-warning-rgb:250, 166, 26;--bs-danger-rgb:233, 35, 35;--bs-light-rgb:232, 232, 232;--bs-dark-rgb:165, 165, 165;--bs-primary-text-emphasis:rgb(5.2, 44, 101.2);--bs-secondary-text-emphasis:rgb(43.2, 46.8, 50);--bs-success-text-emphasis:rgb(10, 54, 33.6);--bs-info-text-emphasis:rgb(5.2, 80.8, 96);--bs-warning-text-emphasis:rgb(102, 77.2, 2.8);--bs-danger-text-emphasis:rgb(88, 21.2, 27.6);--bs-light-text-emphasis:#495057;--bs-dark-text-emphasis:#495057;--bs-primary-bg-subtle:rgb(206.6, 226, 254.6);--bs-secondary-bg-subtle:rgb(225.6, 227.4, 229);--bs-success-bg-subtle:rgb(209, 231, 220.8);--bs-info-bg-subtle:rgb(206.6, 244.4, 252);--bs-warning-bg-subtle:rgb(255, 242.6, 205.4);--bs-danger-bg-subtle:rgb(248, 214.6, 217.8);--bs-light-bg-subtle:rgb(251.5, 252, 252.5);--bs-dark-bg-subtle:#ced4da;--bs-primFound 2026-01-23 by HttpPluginCreate report