It would be a good idea to move any inline <script> tags into their own files, and add a CSP <meta> tag that prevents inline scripts from running. That would prevent most of these reflected XSS vulns.
To reproduce, insert a `<script>` into the `description` of a method in the JSON schema. An example sinatra server is attached. To reproduce, go to the URL: http://swaggerhost/index.html?url=http://localhost:4567/swagger.json#!/pet/getPetById

And you will see an `alert()`.

The sinatra server script can be downloaded here: https://gist.github.com/joevennix/effa381d5fa520662b07
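The bug class described in this report, as an added example that is not swagger-ui's own code and not the attached sinatra script: a constructed Swagger 2.0 document whose `getPetById` description carries a `<script>` payload, a renderer that interpolates the description straight into markup (the vulnerable pattern), the same renderer with HTML escaping applied to every untrusted field (the fix), and a small audit walker that flags descriptions or summaries containing markup before a spec is loaded. The spec, the render functions and the CSP string are assumptions for illustration.

```javascript
// Constructed Swagger 2.0 document (not a real API): the method description
// carries the same kind of payload the issue describes.
const spec = {
  swagger: "2.0",
  info: { title: "pets", version: "1.0" },
  paths: {
    "/pet/{petId}": {
      get: {
        operationId: "getPetById",
        summary: "Find a pet",
        description: "Find pet by ID <script>alert(1)</script>",
        responses: { 200: { description: "ok" } }
      }
    }
  }
};

// Escape the five characters that matter in an HTML text or attribute context.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Vulnerable pattern: spec-controlled strings are concatenated into markup, so a
// browser that receives this string via innerHTML executes the payload.
function renderUnsafe(op) {
  return `<div class="operation"><h3>${op.operationId}</h3>` +
         `<p>${op.summary}</p><p>${op.description}</p></div>`;
}

// Fixed pattern: every field that came from the (remote, attacker-chosen) spec is
// escaped before it is placed into markup.
function renderSafe(op) {
  return `<div class="operation"><h3>${escapeHtml(op.operationId)}</h3>` +
         `<p>${escapeHtml(op.summary)}</p><p>${escapeHtml(op.description)}</p></div>`;
}

// Audit helper: walk paths -> methods and report any summary/description that
// looks like it contains a tag (a "<" followed by a tag-start character).
function findMarkupInOperations(doc) {
  const hits = [];
  const tagStart = /<[a-zA-Z/!?]/;
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const [method, op] of Object.entries(item)) {
      if (!op || typeof op !== "object") continue;
      for (const field of ["summary", "description"]) {
        if (typeof op[field] === "string" && tagStart.test(op[field])) {
          hits.push({ path, method, field });
        }
      }
    }
  }
  return hits;
}

// Defence in depth, as suggested in the thread: a CSP that blocks inline scripts
// so an escaping miss cannot execute even if it lands in the DOM. Assumed value;
// the host page must also have no inline <script> of its own for this to work.
const cspMetaTag =
  '<meta http-equiv="Content-Security-Policy" content="default-src \'self\'; script-src \'self\'">';

const op = spec.paths["/pet/{petId}"].get;
console.log(renderUnsafe(op));
console.log(renderSafe(op));
console.log(findMarkupInOperations(spec));
console.log(cspMetaTag);
```

Escaping at the point where the string enters markup is the actual fix; the CSP only limits the damage when escaping is missed, and a `script-src` without `'unsafe-inline'` also requires moving the host page's own inline scripts into files, as the comment above notes.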