5 matches found
CVE-2021-36389
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4"...
CVE-2021-36389
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4"...
CVE-2021-36389
CVE-2021-36389 affects Yellowfin prior to 9.6.1, where an Insecure Direct Object Reference on the MIImage.i4 page allows enumeration and download of uploaded images. The vulnerability arises from unauthorized access to image resources via a crafted HTTP GET request, enabling disclosure of uploade...
Yellowfin Cross Site Scripting / Insecure Direct Object Reference Vulnerabilities
Yellowfin versions prior to 9.6.1 suffer from persistent cross site scripting and insecure direct object reference vulnerabilities. YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES ---------------------------------------------------- Vulnerability: ============== Stored Cross-Site Scripting Affected...
Yellowfin Cross Site Scripting / Insecure Direct Object Reference
YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES ---------------------------------------------------- Vulnerability: ============== Stored Cross-Site Scripting Affected Products and Versions: =============================== Yellowfin 9.6.1 CVEID: ====== CVE-2021-36387 CVSSv3.1 Score: =============== 5.4...