A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.
References
Link | Resource |
---|---|
https://support.squaredup.com | Vendor Advisory |
https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration- | Vendor Advisory |
https://support.squaredup.com | Vendor Advisory |
https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration- | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.squaredup.com - Vendor Advisory | |
References | () https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration- - Vendor Advisory |
Information
Published : 2021-12-07 13:15
Updated : 2024-11-21 06:23
NVD link : CVE-2021-40096
Mitre link : CVE-2021-40096
CVE.ORG link : CVE-2021-40096
JSON object : View
Products Affected
squaredup
- squaredup
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')