3 matches found
CVE-2021-36387
CVE-2021-36387 affects Yellowfin versions prior to 9.6.1. The vulnerability is a Stored Cross-Site Scripting in the video embed feature, exploitable via a specially crafted HTTP POST to ActivityStreamAjax.i4. Impact is cross-site scripting with Low confidentiality/Integrity impact (per CVSS) and ...
Yellowfin Cross Site Scripting / Insecure Direct Object Reference Vulnerabilities
Yellowfin versions prior to 9.6.1 suffer from persistent cross site scripting and insecure direct object reference vulnerabilities. YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES ---------------------------------------------------- Vulnerability: ============== Stored Cross-Site Scripting Affected...
Yellowfin Cross Site Scripting / Insecure Direct Object Reference
YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES ---------------------------------------------------- Vulnerability: ============== Stored Cross-Site Scripting Affected Products and Versions: =============================== Yellowfin 9.6.1 CVEID: ====== CVE-2021-36387 CVSSv3.1 Score: =============== 5.4...