PT-2020-20945 · Swagger · Swagger-Ui

Published: 2020-09-11 · Updated: 2020-09-11

Severity: None. No severity ratings or metrics are available; when they are, the corresponding info on this page will be updated.
Name of the Vulnerable Software and Affected Versions: swagger-ui versions prior to 2.2.1

Description: The issue arises because output returned in response to GET requests is not encoded. Normally the response carries a Content-Type of application/json, which does not trigger the issue. However, if the web server alters the header to text/html, the browser renders the response as HTML, which may enable attackers to execute arbitrary JavaScript, leading to Cross-Site Scripting (XSS).

Recommendations: Upgrade to version 2.2.1 or later.

Weakness Enumeration

XSS

Related Identifiers

GHSA-22Q9-HQM5-MHMC

Affected Products

Swagger-Ui