CVE-2021-36387

Name of the Vulnerable Software and Affected Versions Yellowfin versions prior to 9.6.1

Description The issue is related to a Stored Cross-Site Scripting vulnerability in the video embed functionality. It can be exploited through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".

Recommendations For versions prior to 9.6.1, update to version 9.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "ActivityStreamAjax.i4" page to minimize the risk of exploitation.