Description
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
Remediation
References
https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui
Related Vulnerabilities
CVE-2018-11761 Vulnerability in maven package org.apache.tika:tika-parsers
CVE-2019-10174 Vulnerability in maven package org.infinispan:infinispan-commons
CVE-2019-10309 Vulnerability in maven package org.jenkins-ci.plugins:swarm
CVE-2021-23383 Vulnerability in maven package org.webjars.npm:handlebars
CVE-2022-45388 Vulnerability in maven package net.praqma:config-rotator