Lucene search
MitreCVELIST:CVE-2021-36387HistoryOct 14, 2021 - 6:01 p.m.
CVE-2021-36387
2021-10-1418:01:38
mitre
www.cve.org
2
yellowfin
stored cross-site scripting
vulnerability
video embed
http post
activitystreamajax.i4
EPSS
0.002
Percentile
57.8%
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page “ActivityStreamAjax.i4”.
References
packetstormsecurity.com/files/164515/Yellowfin-Cross-Site-Scripting-Insecure-Direct-Object-Reference.html
seclists.org/fulldisclosure/2021/Oct/15
cyberaz0r.info/2021/10/yellowfin-multiple-vulnerabilities/
github.com/cyberaz0r/Yellowfin-Multiple-Vulnerabilities/blob/main/README.md
packetstormsecurity.com/files/164515/Yellowfin-Cross-Site-Scripting-Insecure-Direct-Object-Reference.html
wiki.yellowfinbi.com/display/yfcurrent/Release+Notes+for+Yellowfin+9#ReleaseNotesforYellowfin9-Yellowfin9.6
Related
cve
cve
CVE-2021-36387
2021-10-14 19:15:09
nvd
nvd
CVE-2021-36387
2021-10-14 19:15:09
vulnrichment
vulnrichment
CVE-2021-36387
2021-10-14 18:01:38
cnvd
cnvd
Yellowfin Cross-Site Scripting Vulnerability
2021-10-15 00:00:00
prion
prion
Cross site scripting
2021-10-14 19:15:00
packetstorm
packetstorm
Yellowfin Cross Site Scripting / Insecure Direct Object Reference
2021-10-14 00:00:00
zdt
zdt