2 matches found
CVE-2016-1000229
Swagger-UI CVE-2016-1000229: Cross-site scripting via key names in the JSON document. Root cause: improper validation of user-supplied input in Swagger UI. Impact: remote attacker could execute script in a victim’s browser within the hosting site’s security context. Remediation (per Red Hat IBM a...
CVE-2016-5682
Swagger-UI is affected by an XSS vulnerability in the Definitions section via the Default field, affecting versions before 2.2.1. The issue allows a remote attacker to inject script that could run in a victim’s browser and potentially steal cookie-based credentials. Remediation per the provided s...