Description
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.
Remediation
References
https://github.com/YMFE/yapi/issues/2190
https://github.com/YMFE/yapi/issues/2240
Related Vulnerabilities
CVE-2020-28269 Vulnerability in npm package field
CVE-2023-37949 Vulnerability in maven package io.jenkins.plugins:macstadium-orka
CVE-2016-0710 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed-security
CVE-2020-7793 Vulnerability in npm package ua-parser-js
CVE-2022-45143 Vulnerability in maven package org.apache.tomcat:tomcat-util