Description
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
Remediation
References
https://community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui
Related Vulnerabilities
CVE-2019-19466 Vulnerability in npm package sceditor
CVE-2013-4590 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.angular-ui:bootstrap
CVE-2019-10282 Vulnerability in maven package hudson.plugins.klaros:klaros-testmanagement
CVE-2020-2149 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector