GHSA-4jqw-vfmj-9rmh, CVE-2021-36686
npm/yapi-vendor
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.
All versions up to 1.9.1
Unfortunately, there is no solution available yet.
2023-01-27
source |