CVE-2019-1010147

Name of the Vulnerable Software and Affected Versions: Yellowfin Smart Reporting versions prior to 7.3

Description: The issue is related to incorrect access control, allowing privileges escalation. This can be exploited through a web site under the attacker's control, where the victim is lured and the XSS vulnerability is silently exploited, granting access to admin functionality. The component affected is MIAdminStyles.i4.

Recommendations: For versions prior to 7.3, update to version 7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the MIAdminStyles.i4 component to minimize the risk of exploitation.