Lucene search

[email protected]CVE-2021-40093

HistoryDec 07, 2021 - 1:15 p.m.

CVE-2021-40093

2021-12-0713:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2021-40093

cross-site scripting

xss

vulnerability

squaredup

scom

nvd

integration configuration

remote attackers

web script

html

dashboard actions

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.3%

JSON

A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions.

Affected configurations

NVD

Node

squaredupsquaredupRange<5.3.1azure

squaredupsquaredupRange<5.3.1community

squaredupsquaredupRange<5.3.1system_center_operations_manager

CPENameOperatorVersion
squaredup:squaredupsquareduplt5.3.1

CPE	Name	Operator	Version
squaredup:squaredup	squaredup	lt	5.3.1

References

support.squaredup.com

support.squaredup.com/hc/en-us/articles/4410635418257-CVE-2021-40093-Stored-cross-site-scripting-Action-Buttons-

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.3%

JSON

Related for CVE-2021-40093

cvelist1 cnvd1 nvd1 prion1