Lucene search
K

114 matches found

NVD
NVD
added 2021/02/03 8:15 p.m.27 views

CVE-2020-9389

A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames...

4.3CVSS0.0093EPSS
Exploits0References2
Prion
Prion
added 2021/02/03 8:15 p.m.14 views

Cross site request forgery (csrf)

CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard...

4.3CVSS6.6AI score0.00777EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/02/03 8:15 p.m.16 views

Cross site scripting

SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script...

3.5CVSS5.2AI score0.00873EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/02/03 7:3 p.m.23 views

CVE-2020-9389

A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames...

4.2AI score0.0093EPSS
Exploits0References2
CVE
CVE
added 2021/02/03 7:3 p.m.48 views

CVE-2020-9389

SquaredUp CVE-2020-9389 affects SquaredUp before version 4.6.0. The vulnerability is a username enumeration flaw caused by a timing-based difference in login responses, enabling a malicious user to guess valid usernames. CVSS v3.1 base score is 3.7 (LOW) with network attack vector and high attack...

4.3CVSS4.2AI score0.0093EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/02/03 12:0 a.m.4 views

PT-2021-12848 · Squaredup · Squaredup

Name of the Vulnerable Software and Affected Versions: SquaredUp versions prior to 4.6.0 Description: The issue allows for a potential CSRF attack, where an administrator could execute arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a...

6.5CVSS6.7AI score0.00777EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2021/02/03 12:0 a.m.4 views

PT-2021-12850 · Squaredup · Squaredup

Name of the Vulnerable Software and Affected Versions: SquaredUp versions prior to 4.6.0 Description: The issue allows for Stored XSS attacks. A user can create a dashboard that executes malicious content in an iframe or by uploading an SVG that contains a script. Recommendations: For versions...

5.4CVSS5.1AI score0.00873EPSS
Exploits0References7
CVE
CVE
added 2021/02/03 12:0 a.m.55 views

CVE-2020-9390

SquaredUp versions prior to 4.6.0 are affected by a Stored XSS vulnerability that lets a user create a dashboard that executes malicious content in an iframe or by uploading an SVG containing a script. The issue is publicly documented with remediation guidance: upgrade to version 4.6.0 or later; ...

5.4CVSS5.1AI score0.00873EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/02/03 12:0 a.m.53 views

CVE-2020-9388

CVE-2020-9388 affects SquaredUp prior to version 4.6.0, where CSRF protection is not present. An administrator could trigger a CSRF attack by executing arbitrary code in a HTML dashboard tile via a crafted HTML page or by uploading a malicious SVG payload into a dashboard. The vulnerability’s imp...

6.5CVSS6.6AI score0.00777EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/02/03 12:0 a.m.7 views

Squaredup 跨站脚本漏洞

Squaredup is a web service from Squaredup UK that provides data monitoring capabilities for cloud environments. A cross-site scripting vulnerability exists in SquaredUp versions prior to 4.6.0, which can be exploited by a user to create a dashboard, execute malicious content in an iframe, or uplo...

5.4CVSS6AI score0.00873EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/02/03 12:0 a.m.6 views

Squaredup 跨站请求伪造漏洞

Squaredup is a web service from Squaredup UK that provides data monitoring capabilities for cloud environments. A cross-site request forgery vulnerability exists in SquaredUp versions prior to 4.6.0, which can be exploited by an attacker to execute arbitrary code...

6.5CVSS6.8AI score0.00777EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/02/03 12:0 a.m.26 views

CVE-2020-9388

CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard...

6.7AI score0.00777EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/02/03 12:0 a.m.17 views

CVE-2020-9390

SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script...

5.2AI score0.00873EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/02/03 12:0 a.m.7 views

Squaredup 安全漏洞

Squaredup, a Web service from Squaredup UK that provides data monitoring capabilities for cloud environments, has a security vulnerability that could be exploited by attackers to guess a valid user name...

4.3CVSS5.8AI score0.0093EPSS
Exploits0References3
Rows per page
Query Builder