Cross-Site Scripting in swagger-ui

Published: Sep 11, 2020
Updated: Apr 14, 2023
GHSA: <a href="https://github.com/advisories/GHSA-vp93-gcx5-4w52" target="_blank" rel="noopener"> GHSA-vp93-gcx5-4w52
Severity: Medium
Exploit:

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize JSON schemas, allowing attackers to execute arbitrary JavaScript using <script> tags in the method descriptions.