Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.
Weak JSON Web Token (JWT) signing secret generation in YMFE YApi allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.
An issue was discovered in YMFE YApi There is stored XSS in the name field of a project.