Arbitrary Code Execution via Cross Site Scripting (XSS) in Yellowfin Business Intelligence 7.3

Arbitrary Code Execution via Cross Site Scripting (XSS) in Yellowfin Business Intelligence 7.3

CVE-2020-19587 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.

Learn more about our Web Application Penetration Testing UK.