Description Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. Remediation References CVE-2016-5682 Related Vulnerabilities Jenkins Missing Authorization Vulnerability (CVE-2021-21688) YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3004) WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (1.6.9) WordPress Plugin Calendar_plugin Cross-Site Scripting (1.0) MediaWiki Other Vulnerability (CVE-2005-2215) Severity Medium Classification CVE-2016-5682 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities