EPSS: 0.001 (Low)
Percentile: 19.5%
yapi-cli is vulnerable to a cross-site scripting (XSS) attack. The library does not sanitize or validate the projectName variable, allowing a malicious user to inject and execute arbitrary JavaScript.
github.com/YMFE/yapi/commit/80c3d5fa1c54eb21a7e88ad141d69552eb39f99a
github.com/YMFE/yapi/issues/520