An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests
CVSS Score
7.4
EPSS Score
0.0
Published
2026-02-23
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-01-26
Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. This occurs because Math.random in Node.js is used.
CVSS Score
5.1
EPSS Score
0.001
Published
2021-03-01
An issue was discovered in YMFE YApi 1.3.23. There is stored XSS in the name field of a project.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-09-28