Vulnerabilities > Yellowfinbi

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-09-14 | CVE-2020-19586 | Cross-site Scripting vulnerability in Yellowfinbi Business Intelligence 7.3 | Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. | network | low | yellowfinbi | CWE-79 | critical 9.0 |
| 2021-10-14 | CVE-2021-36387 | Cross-site Scripting vulnerability in Yellowfinbi Yellowfin | In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4". | network | low | yellowfinbi | CWE-79 | 5.4 |
| 2021-10-14 | CVE-2021-36388 | Authorization Bypass Through User-Controlled Key vulnerability in Yellowfinbi Yellowfin | In Yellowfin before 9.6.1 it is possible to enumerate and download users' profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4". | network | low | yellowfinbi | CWE-639 | 7.5 |
| 2021-10-14 | CVE-2021-36389 | Authorization Bypass Through User-Controlled Key vulnerability in Yellowfinbi Yellowfin | In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4". | network | low | yellowfinbi | CWE-639 | 7.5 |
| 2019-07-26 | CVE-2019-1010147 | Cross-site Scripting vulnerability in multiple products | Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. | network | low | yellowfinbi, bmc | CWE-79 | 5.4 |