Vulnerabilities > Squaredup > Squaredup
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-07 | CVE-2021-40092 | Cross-site Scripting vulnerability in Squaredup 4.6/5.2.1.6654 A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file. | 3.5 |
| 2021-12-07 | CVE-2021-40093 | Cross-site Scripting vulnerability in Squaredup 4.6/5.2.1.6654 A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions. | 3.5 |
| 2021-12-07 | CVE-2021-40094 | Cross-site Scripting vulnerability in Squaredup 4.6/5.2.1.6654 A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. | 3.5 |
| 2021-12-07 | CVE-2021-40095 | Unspecified vulnerability in Squaredup 4.6/5.2.1.6654 An issue was discovered in SquaredUp for SCOM 5.2.1.6654. | 4.0 |
| 2021-12-07 | CVE-2021-40096 | Cross-site Scripting vulnerability in Squaredup 4.6/5.2.1.6654 A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations. | 3.5 |
| 2021-12-06 | CVE-2021-40091 | Server-Side Request Forgery (SSRF) vulnerability in Squaredup 4.6/5.2.1.6654 An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. | 7.5 |
| 2021-02-03 | CVE-2020-9390 | Cross-site Scripting vulnerability in Squaredup SquaredUp allowed Stored XSS before version 4.6.0. | 5.4 |
| 2021-02-03 | CVE-2020-9389 | Information Exposure Through Discrepancy vulnerability in Squaredup 4.6 A username enumeration issue was discovered in SquaredUp before version 4.6.0. | 4.3 |
| 2021-02-03 | CVE-2020-9388 | Cross-Site Request Forgery (CSRF) vulnerability in Squaredup 4.6 CSRF protection was not present in SquaredUp before version 4.6.0. | 6.5 |