Vulnerabilities > Ymfe
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2021-36686 | Cross-site Scripting vulnerability in Ymfe Yapi 1.9.1 Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page. | 5.4 |
| 2021-03-01 | CVE-2021-27884 | Use of Insufficiently Random Values vulnerability in Ymfe Yapi 1.3.22 Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. | 3.6 |
| 2018-09-28 | CVE-2018-17574 | Cross-site Scripting vulnerability in Ymfe Yapi 1.3.22 An issue was discovered in YMFE YApi 1.3.23. | 3.5 |