yapi-vendor is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input validation in its Advanced Expectation - Response module, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field.
CPE | Name | Operator | Version |
---|---|---|---|
yapi-vendor | le | 1.12.0 | |
yapi-vendor | le | 1.12.0 |