Description
Swagger-UI versions before 2.2.1 are vulnerable to cross-site scripting (XSS) via the Default field in the Definitions section.
References
https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui
Related Vulnerabilities
CVE-2017-5929 Vulnerability in maven package ch.qos.logback:logback-core
CVE-2020-1948 Vulnerability in maven package org.apache.dubbo:dubbo-rpc
CVE-2019-10382 Vulnerability in maven package org.jenkins-ci.plugins:labmanager
CVE-2023-2479 Vulnerability in npm package appium-desktop
CVE-2021-34429 Vulnerability in maven package org.eclipse.jetty:jetty-webapp