Vulnerabilities > Ymfe > Yapi > 1.3.22

DATE CVE VULNERABILITY TITLE RISK
2021-03-01 CVE-2021-27884 Use of Insufficiently Random Values vulnerability in Ymfe Yapi
Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens.
local
low complexity
ymfe CWE-330
5.1
5.1
2018-09-28 CVE-2018-17574 Cross-site Scripting vulnerability in Ymfe Yapi 1.3.22
An issue was discovered in YMFE YApi 1.3.23.
network
low complexity
ymfe CWE-79
5.4
5.4