CVE-2021-36686

CVSS V2 None CVSS V3 None

Description

Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.

Overview

CVE ID
CVE-2021-36686

Assigner
cve@mitre.org

Vulnerability Status
Modified

Published Version
2023-01-26T21:15:24

Last Modified Date
2023-02-21T18:15:11

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:ymfe:yapi:1.9.1:::::::*	1	OR

References

Reference URL	Reference Tags
https://github.com/YMFE/yapi/issues/2190	Exploit Third Party Advisory
https://github.com/YMFE/yapi/issues/2240

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2021-36686
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36686

History

Created	Old Value	New Value	Data Type	Notes
2023-01-26 23:16:11				Added to TrackCVE
2023-01-27 15:14:36		2023-01-27T14:03:45	CVE Modified Date	updated
2023-01-27 15:14:36	Received	Awaiting Analysis	Vulnerability Status	updated
2023-01-31 17:14:30	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated
2023-02-01 16:15:34		2023-02-01T15:45:50	CVE Modified Date	updated
2023-02-01 16:15:34	Undergoing Analysis	Analyzed	Vulnerability Status	updated
2023-02-01 16:15:34			Weakness Enumeration	new
2023-02-01 16:15:35			CPE Information	updated
2023-02-21 19:17:16		2023-02-21T18:15:11	CVE Modified Date	updated
2023-02-21 19:17:16	Analyzed	Modified	Vulnerability Status	updated
2023-02-21 19:17:17			References	updated