Vulnerabilities > Yellowfinbi

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-14	CVE-2021-36387	Cross-site Scripting vulnerability in Yellowfinbi Yellowfin In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4". network low complexity yellowfinbi CWE-79	5.4
2021-10-14	CVE-2021-36388	Authorization Bypass Through User-Controlled Key vulnerability in Yellowfinbi Yellowfin In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4". network low complexity yellowfinbi CWE-639	7.5
2021-10-14	CVE-2021-36389	Authorization Bypass Through User-Controlled Key vulnerability in Yellowfinbi Yellowfin In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4". network low complexity yellowfinbi CWE-639	7.5
2019-07-26	CVE-2019-1010147	Cross-site Scripting vulnerability in multiple products Yellowfin Smart Reporting All Versions Prior to 7.3 is affected by: Incorrect Access Control - Privileges Escalation. network bmc yellowfinbi CWE-79	3.5

Vulnerabilities > Yellowfinbi {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Yellowfinbi"}]}