Swagger UI 3.14.0 < 3.38.0 Cross-Site Scripting
Description
Swagger UI is a popular library used to render API specifications in a readable form for users. Swagger UI versions 3.14.1 to 3.37.2 are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability, caused by the outdated `DOMPurify` library embedded in Swagger UI combined with a Swagger UI feature that fetches a remote API specification file.
By crafting a malicious specification file and linking to it through Swagger UI, an attacker could leverage this vulnerability to execute arbitrary JavaScript in the context of the victim user and conduct further attacks.
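The remote-specification feature is the delivery path described above, so a deployment that pins which specification URLs may be loaded removes the attacker's ability to link a crafted file, independently of the `DOMPurify` upgrade. The following is an added defensive example, not code from the advisory or from the Swagger UI project; the allowlisted origin, default spec path and the assumption that the deployment reads a `?url=` query parameter are all constructed for illustration (`SwaggerUIBundle` and `dom_id` are the library's documented entry point and option).

```javascript
// Added example: only load API specification files from an allowlist of
// origins, so a link carrying an attacker-controlled spec URL falls back to
// the trusted default instead of being fetched and rendered.

const ALLOWED_SPEC_ORIGINS = ["https://api.example.com"];           // constructed
const DEFAULT_SPEC_URL = "https://api.example.com/openapi.json";    // constructed

// Returns the spec URL that may be loaded: the requested one if it is https
// and its origin is allowlisted, otherwise the trusted default.
function pickSpecUrl(requested, allowedOrigins = ALLOWED_SPEC_ORIGINS,
                     fallback = DEFAULT_SPEC_URL) {
  if (typeof requested !== "string" || requested.length === 0) return fallback;
  let parsed;
  try {
    // Relative paths resolve against the trusted default, not the page.
    parsed = new URL(requested, fallback);
  } catch (e) {
    return fallback;                       // unparsable input never reaches fetch
  }
  if (parsed.protocol !== "https:") return fallback;   // rejects http:, data:, etc.
  // Compare the full origin, so "api.example.com.evil.example" is not accepted.
  if (!allowedOrigins.includes(parsed.origin)) return fallback;
  return parsed.href;
}

// Reads the ?url= parameter (assumed to be honoured by this deployment) and
// hands only a vetted value to Swagger UI. SwaggerUIBundle is only called
// when it exists, i.e. in the browser; the chosen URL is returned either way.
function mountSwaggerUi(search) {
  const params = new URLSearchParams(search);
  const specUrl = pickSpecUrl(params.get("url"));
  if (typeof SwaggerUIBundle !== "undefined") {
    SwaggerUIBundle({ url: specUrl, dom_id: "#swagger-ui" });
  }
  return specUrl;
}
```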