Description
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
Remediation
References
https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui
Related Vulnerabilities
CVE-2021-23337 Vulnerability in maven package org.webjars:lodash
CVE-2022-40929 Vulnerability in maven package com.xuxueli:xxl-job-core
CVE-2023-32007 Vulnerability in maven package org.apache.spark:spark-core_2.13
CVE-2021-23346 Vulnerability in npm package html-parse-stringify2
CVE-2021-4133 Vulnerability in maven package org.keycloak:keycloak-services