CVE-2021-36686

Description

Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.

Affected packages (1)

• npm/yapi-vendorfrom 0, <= 1.9.1

CVSS scores

References (4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-36686
• PATCHhttps://github.com/YMFE/yapi
• WEBhttps://github.com/YMFE/yapi/issues/2190
• WEBhttps://github.com/YMFE/yapi/issues/2240