Description
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
Remediation
References
https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui
Related Vulnerabilities
CVE-2021-23372 Vulnerability in npm package mongo-express
CVE-2022-41249 Vulnerability in maven package com.meowlomo.jenkins:scm-httpclient
CVE-2015-7559 Vulnerability in maven package org.apache.activemq:activemq-client
CVE-2022-24823 Vulnerability in maven package io.netty:netty-codec-http
CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.twbs:bootstrap-sass