CVE-2020-19587

MEDIUM

Idera Yellowfin Business Intelligence - XSS

Title source: rule

Description

Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.

Exploits (1)

nomisec NO CODE
by Deepak983 · poc
https://github.com/Deepak983/CVE-2020-19587

References (2)

Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://www.linkedin.com/in/deepak-sharma-72a044b4/

Scores

CVSS v3 5.4
EPSS 0.0021
EPSS Percentile 43.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
idera/yellowfin_business_intelligence 7.3
Published Sep 14, 2022
Tracked Since Feb 18, 2026