Lucene search
+L

5 matches found

OSV
OSV
added 2021/10/14 7:15 p.m.4 views

CVE-2021-36388

In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4"...

7.5CVSS7.1AI score0.03053EPSS
Exploits2References5
NVD
NVD
added 2021/10/14 7:15 p.m.23 views

CVE-2021-36388

In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4"...

7.5CVSS0.03053EPSS
Exploits2References5
CVE
CVE
added 2021/10/14 6:16 p.m.80 views

CVE-2021-36388

Yellowfin before 9.6.1 is affected by an Insecure Direct Object Reference that allows enumeration and download of user profile pictures via the MIIAvatarImage.i4 page. Affected version: Yellowfin prior to 9.6.1. Root cause: insecure access to user avatars. Impact: potential exposure of profile im...

7.5CVSS7.5AI score0.03053EPSS
Exploits2References5Affected Software1
Packet Storm
Packet Storm
added 2021/10/14 12:0 a.m.327 views

Yellowfin Cross Site Scripting / Insecure Direct Object Reference

YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES ---------------------------------------------------- Vulnerability: ============== Stored Cross-Site Scripting Affected Products and Versions: =============================== Yellowfin 9.6.1 CVEID: ====== CVE-2021-36387 CVSSv3.1 Score: =============== 5.4...

6.4AI score0.03053EPSS
Exploits2
0day.today
0day.today
added 2021/10/14 12:0 a.m.245 views

Yellowfin Cross Site Scripting / Insecure Direct Object Reference Vulnerabilities

Yellowfin versions prior to 9.6.1 suffer from persistent cross site scripting and insecure direct object reference vulnerabilities. YELLOWFIN 9.6.1 MULTIPLE VULNERABILITIES ---------------------------------------------------- Vulnerability: ============== Stored Cross-Site Scripting Affected...

7.5CVSS6.4AI score0.03053EPSS
Exploits2
Rows per page
Query Builder