CVE-2020-19587

MEDIUM

Yellowfin Business Intelligence 7.3 - Stored Cross-Site Scripting via MIAdminStyles.i4 Admin UI

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-19587. PoCs published by Deepak983.

Description

Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.

Exploits (1)

References (2)

Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://www.linkedin.com/in/deepak-sharma-72a044b4/

Scores

CVSS v3 5.4
EPSS 0.0070
EPSS Percentile 48.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
idera/yellowfin_business_intelligence 7.3
Published Sep 14, 2022
Tracked Since Feb 18, 2026