CVE-2016-1000229 – swagger-ui: cross-site scripting in key names

https://notcve.org/view.php?id=CVE-2016-1000229

swagger-ui has XSS in key names swagger-ui presenta una vulnerabilidad de tipo XSS en nombres claves. It was found that swagger-ui contains a cross site scripting (XSS) vulnerability in the key names in the JSON document. An attacker could use this flaw to supply a key name with script tags which could cause arbitrary code execution. Additionally it is possible to load the arbitrary JSON files remotely via the URL query-string parameter. • https://github.com/ossf-cve-benchmark/CVE-2016-1000229 http://www.securityfocus.com/bid/97580 https://access.redhat.com/errata/RHSA-2017:0868 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000229 https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000229.json https://access.redhat.com/security/cve/CVE-2016-1000229 https://bugzilla.redhat.com/show_bug.cgi?id=1360275 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •