Description
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
Remediation
References
https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui
Related Vulnerabilities
CVE-2011-4838 Vulnerability in maven package org.jruby:jruby
CVE-2017-16103 Vulnerability in npm package serveryztyzt
CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2018-8039 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http
CVE-2020-28439 Vulnerability in npm package corenlp-js-prefab