Cross-Site Scripting

2019-06-18T21:54:13
ID NODEJS:988
Type nodejs
Reporter Dinis Cruz
Modified 2021-09-23T07:57:58

Description

Overview

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting (XSS). The package allows HTML code in the swagger.apiInfo.description value without proper sanitization, which may allow attackers to execute arbitrary JavaScript.

Recommendation

Upgrade to version 2.2.1 or later.

References