PT-2020-21525 · Swagger · Swagger-Ui

Published

2020-09-11

·

Updated

2020-09-11

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions swagger-ui versions prior to 2.2.1
Description The issue is related to Cross-Site Scripting (XSS) due to the failure to sanitize JSON schemas. This allows attackers to execute arbitrary JavaScript using <script> tags in method descriptions.
Recommendations Upgrade to version 2.2.1 or later.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

GHSA-VP93-GCX5-4W52

Affected Products

Swagger-Ui