Description
Swagger UI is a tool for visualizing and interacting with APIs. Swagger UI versions between 3.14.1 and 3.38.0 are vulnerable to DOM-based cross-site scripting (XSS) because they use an outdated version of the DOMPurify library.
Remediation
Upgrade to the latest version of Swagger UI.