114 matches found
CVE-2020-9389
A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames...
Cross site request forgery (csrf)
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard...
Cross site scripting
SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script...
CVE-2020-9389
A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames...
CVE-2020-9389
SquaredUp CVE-2020-9389 affects SquaredUp before version 4.6.0. The vulnerability is a username enumeration flaw caused by a timing-based difference in login responses, enabling a malicious user to guess valid usernames. CVSS v3.1 base score is 3.7 (LOW) with network attack vector and high attack...
PT-2021-12848 · Squaredup · Squaredup
Name of the Vulnerable Software and Affected Versions: SquaredUp versions prior to 4.6.0 Description: The issue allows for a potential CSRF attack, where an administrator could execute arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a...
PT-2021-12850 · Squaredup · Squaredup
Name of the Vulnerable Software and Affected Versions: SquaredUp versions prior to 4.6.0 Description: The issue allows for Stored XSS attacks. A user can create a dashboard that executes malicious content in an iframe or by uploading an SVG that contains a script. Recommendations: For versions...
CVE-2020-9390
SquaredUp versions prior to 4.6.0 are affected by a Stored XSS vulnerability that lets a user create a dashboard that executes malicious content in an iframe or by uploading an SVG containing a script. The issue is publicly documented with remediation guidance: upgrade to version 4.6.0 or later; ...
CVE-2020-9388
CVE-2020-9388 affects SquaredUp prior to version 4.6.0, where CSRF protection is not present. An administrator could trigger a CSRF attack by executing arbitrary code in a HTML dashboard tile via a crafted HTML page or by uploading a malicious SVG payload into a dashboard. The vulnerability’s imp...
Squaredup 跨站脚本漏洞
Squaredup is a web service from Squaredup UK that provides data monitoring capabilities for cloud environments. A cross-site scripting vulnerability exists in SquaredUp versions prior to 4.6.0, which can be exploited by a user to create a dashboard, execute malicious content in an iframe, or uplo...
Squaredup 跨站请求伪造漏洞
Squaredup is a web service from Squaredup UK that provides data monitoring capabilities for cloud environments. A cross-site request forgery vulnerability exists in SquaredUp versions prior to 4.6.0, which can be exploited by an attacker to execute arbitrary code...
CVE-2020-9388
CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard...
CVE-2020-9390
SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script...
Squaredup 安全漏洞
Squaredup, a Web service from Squaredup UK that provides data monitoring capabilities for cloud environments, has a security vulnerability that could be exploited by attackers to guess a valid user name...