CVE-2021-36686
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in npm/yapi-vendor
Identifiers
GHSA-4jqw-vfmj-9rmh, CVE-2021-36686
Package Slug
npm/yapi-vendor
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.
Affected Versions
All versions up to 1.9.1
Solution
Unfortunately, there is no solution available yet.
Last Modified
2023-01-27
| source |