Yellowfin

Vendor: Yellowfinbi • 3 CVEs

CVEs (3)

Vendors (1): Yellowfinbi
Products (1): Yellowfin
Updated: Nov 21, 2024
Published: Oct 14, 2021
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
Description: In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".

Vendors (1): Yellowfinbi
Products (1): Yellowfin
Updated: Nov 21, 2024
Published: Oct 14, 2021
CVSS: N/A (v4), 7.5 HIGH (v3), 5.0 MEDIUM (v2)
Description: In Yellowfin before 9.6.1 it is possible to enumerate and download users' profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".

Vendors (1): Yellowfinbi
Products (1): Yellowfin
Updated: Nov 21, 2024
Published: Oct 14, 2021
CVSS: N/A (v4), 5.4 MEDIUM (v3), 3.5 LOW (v2)
Description: In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".