Description
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.
Remediation
References
https://github.com/YMFE/yapi/issues/2190
https://github.com/YMFE/yapi/issues/2240
Related Vulnerabilities
CVE-2018-14042 Vulnerability in maven package org.webjars.bower:bootstrap
CVE-2022-31197 Vulnerability in maven package org.postgresql:postgresql
CVE-2021-41182 Vulnerability in maven package org.webjars:jquery-ui
CVE-2021-21321 Vulnerability in npm package fastify-reply-from
CVE-2021-44878 Vulnerability in maven package org.pac4j:pac4j-core