Severity: moderate

Cross-Site Scripting



Versions of swagger-ui prior to 3.0.13 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize YAML files imported from URLs or copied-pasted. This may allow attackers to execute arbitrary JavaScript.


Upgrade to version 3.0.13 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Jul 16th, 2019
  2. reported

    Reported by webron
    Jun 1st, 2017