CVE-2021-40094 - DOM-based stored cross-site scripting
CVE:CVE-2021-40094
Description
Cross-site scripting (XSS) enable attackers to bring malicious content into a website or application.
Before SquaredUp DS version 5.3.1, DOM-based XSS was possible. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device.
Fix
The browsercheck function has been improved to prevent DOM-based XSS.
What should you do?
If you are using a SquaredUp DS version earlier than 5.3.1, update to version 5.3.1 or later.
Affected and resolved software versions
Product | Affected versions | Resolved versions |
SquaredUp DS for SCOM | Versions earlier than 5.3.1 | 5.3.1 and later versions |
SquaredUp DS for Azure | Versions earlier than 5.3.1 | 5.3.1 and later versions |
SquaredUp DS Standalone | Versions earlier than 5.3.1 | 5.3.1 and later versions |
Acknowledgement
SquaredUp would like to thank Kajetan Rostojek from ING Tech Poland for reporting this vulnerability.
Did you notice a vulnerability or need further help?
Please contact SquaredUp Support
If you believe you've found a different security vulnerability in one of our products please report it by emailing our support team so we can work on fixing it: [email protected]
Revision history of this article
10.11.2021 | Initial release |