[yapi-vendor] Cross-site Scripting in yapi-vendor

Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-36686
• https://github.com/YMFE/yapi/issues/2190
• https://github.com/advisories/GHSA-4jqw-vfmj-9rmh