Medium severity 6.1 · NVD Advisory · Published Apr 10, 2017 · Updated May 13, 2026
CVE-2016-5682
Description
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| swagger-ui (npm) | < 2.2.1 | 2.2.1 |
Affected products
- Range: Swagger-UI before 2.2.1
Patches
No patches discovered yet.
References
- community.rapid7.com/community/infosec/blog/2016/09/02/r7-2016-19-persistent-xss-via-unescaped-parameters-in-swagger-ui (nvd, Third Party Advisory, WEB)
- github.com/advisories/GHSA-p239-93f7-h6xf (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-5682 (ghsa, ADVISORY)
- github.com/swagger-api/swagger-ui/issues/1865 (ghsa, WEB)
- www.npmjs.com/advisories/126 (ghsa, WEB)