Description
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
Remediation
References
https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui
Related Vulnerabilities
CVE-2019-14262 Vulnerability in maven package com.drewnoakes:metadata-extractor
CVE-2018-1000844 Vulnerability in maven package com.squareup.retrofit2:converter-jaxb
CVE-2010-2245 Vulnerability in maven package org.apache.wink:wink-server
CVE-2019-19771 Vulnerability in npm package hdeky
CVE-2021-27515 Vulnerability in maven package org.webjars.npm:url-parse