Michele Di Bonaventura

1 exploit Active since Oct 2021
CVE-2021-36387 WRITEUP MEDIUM WRITEUP
Yellowfin < 9.6.1 - Stored Cross-Site Scripting via Video Embed Functionality
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".
CVSS 5.4