Lucene search
K

114 matches found

Cvelist
Cvelist
added 2021/12/07 12:42 p.m.21 views

CVE-2021-40092

A cross-site scripting XSS vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file...

5.5AI score0.00585EPSS
Exploits0References2
CVE
CVE
added 2021/12/07 12:42 p.m.34 views

CVE-2021-40092

The CVE-2021-40092 entry describes a cross-site scripting (XSS) vulnerability in the Image Tile feature of SquaredUp for SCOM 5.2.1.6654. The issue allows remote attackers to inject arbitrary web script or HTML via an SVG file. Connected sources corroborate the same description across multiple fe...

5.4CVSS5.2AI score0.00585EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.5 views

Squaredup 跨站脚本漏洞

A cross-site scripting vulnerability exists in Squaredup for SCOM version 5.2.1.6654, which could be exploited by remote attackers to inject malicious code into a user's device...

5.4CVSS5.3AI score0.00458EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.3 views

Squaredup 跨站脚本漏洞

A cross-site scripting vulnerability exists in the integration configuration of SquaredUp for SCOM version 5.2.1.6654, which could be exploited by remote attackers to inject arbitrary web script or HTML via an authorized URL in certain integration configurations. authorized URL in some integratio...

5.4CVSS5.4AI score0.00742EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.5 views

Squaredup安全漏洞

Squaredup is a Web service from Squaredup UK that provides data monitoring capabilities for cloud environments. a file inclusion vulnerability in the download logging functionality in SquaredUp for SCOM version 5.2.1.6654 System/Maintenance could be exploited to read arbitrary files on the server...

4.9CVSS5.8AI score0.00981EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.5 views

SquaredUp跨站脚本漏洞

A cross-site scripting vulnerability exists in the integration configuration of SquaredUp for SCOM version 5.2.1.6654, which could be exploited by remote attackers to inject arbitrary web scripts or HTML...

5.4CVSS5.4AI score0.00585EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/07 12:0 a.m.4 views

Squaredup 跨站脚本漏洞

Squaredup is a Web service from Squaredup UK that provides data monitoring capabilities for cloud environments. a cross-site scripting vulnerability exists in Image Tile in SquaredUp for SCOM version 5.2.1.6654, which can be exploited by remote attackers to inject arbitrary Web scripts or HTML...

5.4CVSS5.4AI score0.00585EPSS
Exploits0References2
OSV
OSV
added 2021/12/06 9:15 p.m.5 views

CVE-2021-40091

An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654...

9.8CVSS7.3AI score0.01056EPSS
Exploits0References2
NVD
NVD
added 2021/12/06 9:15 p.m.18 views

CVE-2021-40091

An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654...

9.8CVSS0.01056EPSS
Exploits0References2
Prion
Prion
added 2021/12/06 9:15 p.m.12 views

Server side request forgery (ssrf)

An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654...

7.5CVSS9.4AI score0.01056EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/12/06 8:8 p.m.48 views

CVE-2021-40091

CVE-2021-40091 describes an SSRF vulnerability in SquaredUp for SCOM 5.2.1.6654 . The affected product is SquaredUp for SCOM; the root cause is an SSRF issue. Impact details from the entry include high severity with network attack vector and low attack complexity, with both confidentiality, integ...

9.8CVSS9.4AI score0.01056EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/12/06 8:8 p.m.21 views

CVE-2021-40091

An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654...

9.7AI score0.01056EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/06 12:0 a.m.5 views

Squaredup 代码问题漏洞

Squaredup is a Web service from Squaredup UK that provides data monitoring capabilities for cloud environments. SSRF vulnerabilities exist in SquaredUp for SCOM, and no detailed vulnerability details are available...

9.8CVSS5.5AI score0.01056EPSS
Exploits0References2
CNVD
CNVD
added 2021/02/05 12:0 a.m.7 views

Squaredup Cross-Site Scripting Vulnerability

Squaredup is a web service from Squaredup UK that provides data monitoring capabilities for cloud environments. A cross-site scripting vulnerability exists in SquaredUp versions prior to 4.6.0, which can be exploited by a user to create a dashboard, execute malicious content in an iframe, or uplo...

5.4CVSS6.3AI score0.00873EPSS
Exploits0References1
CNVD
CNVD
added 2021/02/05 12:0 a.m.4 views

SquaredUp Cross-Site Request Forgery Vulnerability

Squaredup is a web service from Squaredup UK that provides data monitoring capabilities for cloud environments. A cross-site request forgery vulnerability exists in SquaredUp versions prior to 4.6.0, which can be exploited by an attacker to execute arbitrary code...

6.5CVSS7.4AI score0.00777EPSS
Exploits0References1
CNVD
CNVD
added 2021/02/05 12:0 a.m.17 views

Squaredup has an unspecified vulnerability

Squaredup, a Web service from Squaredup UK that provides data monitoring capabilities for cloud environments, has a security vulnerability that could be exploited by attackers to guess a valid user name...

4.3CVSS4.1AI score0.0093EPSS
Exploits0References1
OSV
OSV
added 2021/02/03 8:15 p.m.6 views

CVE-2020-9389

A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames...

3.7CVSS5.8AI score0.0093EPSS
Exploits0References2
NVD
NVD
added 2021/02/03 8:15 p.m.16 views

CVE-2020-9390

SquaredUp allowed Stored XSS before version 4.6.0. A user was able to create a dashboard that executed malicious content in iframe or by uploading an SVG that contained a script...

5.4CVSS0.00873EPSS
Exploits0References3
NVD
NVD
added 2021/02/03 8:15 p.m.26 views

CVE-2020-9389

A username enumeration issue was discovered in SquaredUp before version 4.6.0. The login functionality was implemented in a way that would enable a malicious user to guess valid username due to a different response time from invalid usernames...

4.3CVSS0.0093EPSS
Exploits0References2
NVD
NVD
added 2021/02/03 8:15 p.m.20 views

CVE-2020-9388

CSRF protection was not present in SquaredUp before version 4.6.0. A CSRF attack could have been possible by an administrator executing arbitrary code in a HTML dashboard tile via a crafted HTML page, or by uploading a malicious SVG payload into a dashboard...

6.5CVSS0.00777EPSS
Exploits0References3
Rows per page
Query Builder