Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting

May 6, 2016 007admin

Posted by Julien Ahrens on May 06

RCE Security Advisory
https://www.rcesecurity.com

1. ADVISORY INFORMATION
=======================
Product: Swagger Editor
Vendor URL: https://github.com/swagger-api/swagger-editor
Type: Cross-Site Scripting [CWE-79]
Date found: 2015-04-07
Date published: 2016-05-03
CVSSv3 Score: 6.3 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVE: –

2. CREDITS
==========
This vulnerability was discovered and researched by Julien…

007 Software

Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting

Software and Security Information