Swagger Petstore Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability exists in Swagger Petstore version 1.0.7. This issue allows remote attackers to execute arbitrary scripts by injecting them into the 'name' parameter of the '/api/v3/pet' endpoint. The application fails to properly filter or encode user input, leading to the execution of malicious scripts in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, send a POST request to the '/api/v3/pet' endpoint with a malicious script payload injected into the 'name' parameter. The server's lack of input validation will result in the script being stored in the database. When the pet's details are viewed on the front end, the injected script will execute, demonstrating the cross-site scripting vulnerability.