Affected versions of
swagger-ui are vulnerable to cross-site scripting in both the
produces parameters of the swagger JSON document for a given API.
swagger-ui allows users to load arbitrary swagger JSON documents via the query string parameter
url, allowing an attacker to exploit this attack against any user that the attacker can convince to visit a crafted link.
Proof of Concept
Update to version 2.2.1 or later.
publishedAdvisory publishedJul 20th, 2016
reportedInitial report by Joe VennixJul 20th, 2016