CVE-2020-19586 | SynScan

Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2020-19586

Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.

Published: Sep 14, 2022
Updated: Apr 13, 2023
CVE: CVE-2020-19586
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
yellowfinbi / business_intelligence	7.3	7.3.x

https://github.com/Deepak983/CVE-2020-19586/blob/main/Stored%20XSS%20in%20MIAdminStyles.i4%20through%20privileges%20escalation.pdf