Vulnerabilities > Ymfe > Yapi > 1.9.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-26 | CVE-2021-36686 | Cross-site Scripting vulnerability in Ymfe Yapi 1.9.1 Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page. | 5.4 |
| 2021-03-01 | CVE-2021-27884 | Use of Insufficiently Random Values vulnerability in Ymfe Yapi Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. | 5.1 |