Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Yellowfin Security Vulnerabilities

cve
cve

CVE-2021-36387

In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".

5.4CVSS

5.4AI Score

0.002EPSS

2021-10-14 07:15 PM
61
cve
cve

CVE-2021-36388

In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".

7.5CVSS

7.5AI Score

0.006EPSS

2021-10-14 07:15 PM
55
cve
cve

CVE-2021-36389

In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".

7.5CVSS

7.5AI Score

0.006EPSS

2021-10-14 07:15 PM
57