
Description

In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".

PUBLISHED Reserved 2021-07-12 | Published 2021-10-14 | Updated 2024-08-04 | Assigner mitre

References

packetstormsecurity.com/...cure-Direct-Object-Reference.html

wiki.yellowfinbi.com/...urrent/Release+Notes+for+Yellowfin+9

packetstormsecurity.com/...cure-Direct-Object-Reference.html

github.com/...n-Multiple-Vulnerabilities/blob/main/README.md

seclists.org/fulldisclosure/2021/Oct/15 (20211019 Yellowfin < 9.6.1 Multiple Vulnerabilities) mailing-list

cyberaz0r.info/2021/10/yellowfin-multiple-vulnerabilities/

cve.org (CVE-2021-36387)

nvd.nist.gov (CVE-2021-36387)
