Exposing Swagger/OpenAPI documentation is primarily a risk if your API has underlying security flaws, as it gives attackers a precise roadmap to find them.
The documentation details every endpoint, parameter, and data model, making it easier to discover and exploit vulnerabilities such as broken access control or injection points.
While a perfectly secure API mitigates the danger, protecting your documentation is a critical layer of defense that forces attackers to work without a map.
Severity: info
Fingerprint: 5733ddf49ff49cd1aad03549553d32749aaf9ebaa725f2824ff53ee8e5cc752c
Public Swagger UI/API detected at path: /swagger/index.html - sample paths:
GET /api/v1/Patients/validationdates
GET /api/v1/Patients/{patientId}/dietryAdvices
GET /api/v1/Patients/{patientId}/dietryMeasures
GET /api/v1/Patients/{patientId}/products
GET /api/v1/Patients/{patientId}/weights
GET /api/v1/Products
GET /api/v1/Products/{productId}
GET /api/v1/Stations
POST /api/v1/Login/RetreiveAutologinUrl
POST /api/v1/Patients
POST /api/v1/Patients/Conversion/Height
PUT /api/v1/Patients/{patientId}
PUT /api/v1/Patients/{patientId}/mna
PUT /api/v1/Stations/{stationId}
Open service 52.178.89.129:443 · www.geriaplus.at
2026-01-23 03:06
HTTP/1.1 200 OK
Content-Length: 21369
Connection: close
Content-Type: text/html
Date: Fri, 23 Jan 2026 03:06:33 GMT
Accept-Ranges: bytes
Cache-Control: no-store, public, must-revalidate, no-cache, max-age=0
ETag: "1dc857c5bfceb79"
Last-Modified: Wed, 14 Jan 2026 17:36:48 GMT
Set-Cookie: ARRAffinity=2448d63b0e80d6df1a0987b7e65878e05fb3f379cf5f89ac26e4205d8c091c81;Path=/;HttpOnly;Secure;Domain=www.geriaplus.at
Set-Cookie: ARRAffinitySameSite=2448d63b0e80d6df1a0987b7e65878e05fb3f379cf5f89ac26e4205d8c091c81;Path=/;HttpOnly;SameSite=None;Secure;Domain=www.geriaplus.at
Strict-Transport-Security: max-age=2592000
Request-Context: appId=cid-v1:770f5d3f-4abb-4fdf-9689-e98d1d775d86
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
X-XSS-Protection: 1; mode=block
X-Frame-Options: Deny
Content-Security-Policy: script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' https://fonts.gstatic.com data:;frame-ancestors 'self'
Feature-Policy: geolocation 'none';midi 'none';notifications 'none';push 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';speaker 'self';vibrate 'none';fullscreen 'self';payment 'none';
Page title: GeriaPlus