CVE-2020-19587 - Vulnerability Details - OpenCVE

ReportizFlow

Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Idera	Yellowfin Business Intelligence

Configuration 1 [-]

cpe:2.3:a:idera:yellowfin_business_intelligence:7.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/Deepak983/CVE-2020-19587/blob/main/_Stored%20XSS%20in%20MIAdminStyles.i4%20through%20privileges%20escalation.pdf
https://www.linkedin.com/in/deepak-sharma-72a044b4/

History

Fri, 11 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00125}`	epss `{'score': 0.00126}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-09-14T02:54:44

Updated: 2024-08-04T14:15:27.659Z

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-19587

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-09-14T03:15:07.980

Modified: 2024-11-21T05:09:15.380

Link: CVE-2020-19587

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-14T02:54:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.linkedin.com/in/deepak-sharma-72a044b4/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Deepak983/CVE-2020-19587/blob/main/_Stored%20XSS%20in%20MIAdminStyles.i4%20through%20privileges%20escalation.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2020-19587", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.linkedin.com/in/deepak-sharma-72a044b4/", "refsource": "MISC", "url": "https://www.linkedin.com/in/deepak-sharma-72a044b4/"}, {"name": "https://github.com/Deepak983/CVE-2020-19587/blob/main/_Stored%20XSS%20in%20MIAdminStyles.i4%20through%20privileges%20escalation.pdf", "refsource": "MISC", "url": "https://github.com/Deepak983/CVE-2020-19587/blob/main/_Stored%20XSS%20in%20MIAdminStyles.i4%20through%20privileges%20escalation.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T14:15:27.659Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.linkedin.com/in/deepak-sharma-72a044b4/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Deepak983/CVE-2020-19587/blob/main/_Stored%20XSS%20in%20MIAdminStyles.i4%20through%20privileges%20escalation.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-19587", "datePublished": "2022-09-14T02:54:44", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T14:15:27.659Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:idera:yellowfin_business_intelligence:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "AA250DD4-5120-4606-9701-B52FE501CC2F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross Site Scripting (XSS) en los par\u00e1metros configMap en Yellowfin Business Intelligence versi\u00f3n 7.3, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de la Interfaz de Usuario de Administraci\u00f3n MIAdminStyles.i4"}], "id": "CVE-2020-19587", "lastModified": "2024-11-21T05:09:15.380", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-09-14T03:15:07.980", "references": [{"source": "[email protected]", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://github.com/Deepak983/CVE-2020-19587/blob/main/_Stored%20XSS%20in%20MIAdminStyles.i4%20through%20privileges%20escalation.pdf"}, {"source": "[email protected]", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://www.linkedin.com/in/deepak-sharma-72a044b4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://github.com/Deepak983/CVE-2020-19587/blob/main/_Stored%20XSS%20in%20MIAdminStyles.i4%20through%20privileges%20escalation.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://www.linkedin.com/in/deepak-sharma-72a044b4/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}