Cross-Site Scripting in swagger-ui

Published: Sep 11, 2020
Updated: Apr 14, 2023
GHSA: <a href="https://github.com/advisories/GHSA-w992-2gmj-9xxj" target="_blank" rel="noopener"> GHSA-w992-2gmj-9xxj
Severity: Medium
Exploit:

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting (XSS). The package allows HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript.