Vulnerability Description
A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file.
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Squaredup | Squaredup | < 5.3.1 |
Related Weaknesses (CWE)
References
- https://support.squaredup.comVendor Advisory
- https://support.squaredup.com/hc/en-us/articles/4410635417233-CVE-2021-40092-StoVendor Advisory
- https://support.squaredup.comVendor Advisory
- https://support.squaredup.com/hc/en-us/articles/4410635417233-CVE-2021-40092-StoVendor Advisory
FAQ
What is CVE-2021-40092?
CVE-2021-40092 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file.
How severe is CVE-2021-40092?
CVE-2021-40092 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-40092?
Check the references section above for vendor advisories and patch information. Affected products include: Squaredup Squaredup.