Vulnerabilities > Ymfe > Yapi > 1.3.22
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-01 | CVE-2021-27884 | Use of Insufficiently Random Values vulnerability in Ymfe Yapi 1.3.22 Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. | 3.6 |
| 2018-09-28 | CVE-2018-17574 | Cross-site Scripting vulnerability in Ymfe Yapi 1.3.22 An issue was discovered in YMFE YApi 1.3.23. | 3.5 |