Vulnerability-Lookup

CVE-2021-40096 (GCVE-0-2021-40096)

Vulnerability from cvelistv5 – Published: 2021-12-07 12:58 – Updated: 2024-08-04 02:27

Summary

A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://support.squaredup.com	x_refsource_MISC
	https://support.squaredup.com/hc/en-us/articles/4…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.488Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.squaredup.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-07T12:58:33",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.squaredup.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-40096",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.squaredup.com",
              "refsource": "MISC",
              "url": "https://support.squaredup.com"
            },
            {
              "name": "https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-",
              "refsource": "MISC",
              "url": "https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-40096",
    "datePublished": "2021-12-07T12:58:33",
    "dateReserved": "2021-08-25T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:squaredup:squaredup:*:*:*:*:azure:*:*:*\", \"versionEndExcluding\": \"5.3.1\", \"matchCriteriaId\": \"C9A42C77-EE6A-4940-AC11-973B94156883\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:squaredup:squaredup:*:*:*:*:community:*:*:*\", \"versionEndExcluding\": \"5.3.1\", \"matchCriteriaId\": \"0854AFD1-A982-4C88-867E-EF23DC77F077\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:squaredup:squaredup:*:*:*:*:system_center_operations_manager:*:*:*\", \"versionEndExcluding\": \"5.3.1\", \"matchCriteriaId\": \"23819611-CEBC-442D-9835-DA080864F392\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de tipo cross-site scripting (XSS) en la configuraci\\u00f3n de integraci\\u00f3n en SquaredUp para SCOM versi\\u00f3n 5.2.1.6654, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio de la modificaci\\u00f3n de la authorisationUrl en algunas configuraciones de integraci\\u00f3n\"}]",
      "id": "CVE-2021-40096",
      "lastModified": "2024-11-21T06:23:33.040",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-12-07T13:15:07.837",
      "references": "[{\"url\": \"https://support.squaredup.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.squaredup.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-40096\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-12-07T13:15:07.837\",\"lastModified\":\"2024-11-21T06:23:33.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de tipo cross-site scripting (XSS) en la configuraci\u00f3n de integraci\u00f3n en SquaredUp para SCOM versi\u00f3n 5.2.1.6654, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio de la modificaci\u00f3n de la authorisationUrl en algunas configuraciones de integraci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squaredup:squaredup:*:*:*:*:azure:*:*:*\",\"versionEndExcluding\":\"5.3.1\",\"matchCriteriaId\":\"C9A42C77-EE6A-4940-AC11-973B94156883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squaredup:squaredup:*:*:*:*:community:*:*:*\",\"versionEndExcluding\":\"5.3.1\",\"matchCriteriaId\":\"0854AFD1-A982-4C88-867E-EF23DC77F077\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squaredup:squaredup:*:*:*:*:system_center_operations_manager:*:*:*\",\"versionEndExcluding\":\"5.3.1\",\"matchCriteriaId\":\"23819611-CEBC-442D-9835-DA080864F392\"}]}]}],\"references\":[{\"url\":\"https://support.squaredup.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.squaredup.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2021-40096

Vulnerability from fkie_nvd - Published: 2021-12-07 13:15 - Updated: 2024-11-21 06:23

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
cve@mitre.org	https://support.squaredup.com	Vendor Advisory
cve@mitre.org	https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.squaredup.com	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-	Vendor Advisory

Impacted products

Vendor	Product	Version
squaredup	squaredup	*
squaredup	squaredup	*
squaredup	squaredup	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:squaredup:squaredup:*:*:*:*:azure:*:*:*",
              "matchCriteriaId": "C9A42C77-EE6A-4940-AC11-973B94156883",
              "versionEndExcluding": "5.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squaredup:squaredup:*:*:*:*:community:*:*:*",
              "matchCriteriaId": "0854AFD1-A982-4C88-867E-EF23DC77F077",
              "versionEndExcluding": "5.3.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:squaredup:squaredup:*:*:*:*:system_center_operations_manager:*:*:*",
              "matchCriteriaId": "23819611-CEBC-442D-9835-DA080864F392",
              "versionEndExcluding": "5.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en la configuraci\u00f3n de integraci\u00f3n en SquaredUp para SCOM versi\u00f3n 5.2.1.6654, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio de la modificaci\u00f3n de la authorisationUrl en algunas configuraciones de integraci\u00f3n"
    }
  ],
  "id": "CVE-2021-40096",
  "lastModified": "2024-11-21T06:23:33.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-07T13:15:07.837",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.squaredup.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.squaredup.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-40096

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-40096

Aliases

CVE-2021-40096

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-40096",
    "description": "A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.",
    "id": "GSD-2021-40096"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-40096"
      ],
      "details": "A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.",
      "id": "GSD-2021-40096",
      "modified": "2023-12-13T01:23:25.719475Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-40096",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.squaredup.com",
            "refsource": "MISC",
            "url": "https://support.squaredup.com"
          },
          {
            "name": "https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-",
            "refsource": "MISC",
            "url": "https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:squaredup:squaredup:*:*:*:*:azure:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squaredup:squaredup:*:*:*:*:community:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:squaredup:squaredup:*:*:*:*:system_center_operations_manager:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.3.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-40096"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.squaredup.com",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.squaredup.com"
            },
            {
              "name": "https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2021-12-14T20:28Z",
      "publishedDate": "2021-12-07T13:15Z"
    }
  }
}

GHSA-8W4W-47R7-GX5V

Vulnerability from github – Published: 2021-12-08 00:01 – Updated: 2021-12-08 00:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-40096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-07T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.",
  "id": "GHSA-8w4w-47r7-gx5v",
  "modified": "2021-12-08T00:01:36Z",
  "published": "2021-12-08T00:01:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40096"
    },
    {
      "type": "WEB",
      "url": "https://support.squaredup.com"
    },
    {
      "type": "WEB",
      "url": "https://support.squaredup.com/hc/en-us/articles/4410656396817-CVE-2021-40096-Stored-cross-site-scripting-provider-configuration-"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2021-100390

Vulnerability from cnvd - Published: 2021-12-16

Title

SquaredUp for SCOM跨站脚本漏洞（CNVD-2021-100390）

Description

Squaredup是英国Squaredup公司的一个可为云环境提供数据监控功能的Web服务。 SquaredUp for SCOM 5.2.1.6654版本的integration configuration存在跨站脚本漏洞，远程攻击者可利用该漏洞通过某些集成配置中的授权URL注入任意web脚本或HTML。

Severity

低

Patch Name

SquaredUp for SCOM跨站脚本漏洞（CNVD-2021-100390）的补丁

Patch Description

Squaredup是英国Squaredup公司的一个可为云环境提供数据监控功能的Web服务。 SquaredUp for SCOM 5.2.1.6654版本的integration configuration存在跨站脚本漏洞，远程攻击者可利用该漏洞通过某些集成配置中的授权URL注入任意web脚本或HTML。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.squaredup.com

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-40096

Impacted products

Name
squaredup SquaredUp for SCOM 5.2.1.6654

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-40096",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-40096"
    }
  },
  "description": "Squaredup\u662f\u82f1\u56fdSquaredup\u516c\u53f8\u7684\u4e00\u4e2a\u53ef\u4e3a\u4e91\u73af\u5883\u63d0\u4f9b\u6570\u636e\u76d1\u63a7\u529f\u80fd\u7684Web\u670d\u52a1\u3002\n\nSquaredUp for SCOM 5.2.1.6654\u7248\u672c\u7684integration configuration\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u67d0\u4e9b\u96c6\u6210\u914d\u7f6e\u4e2d\u7684\u6388\u6743URL\u6ce8\u5165\u4efb\u610fweb\u811a\u672c\u6216HTML\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.squaredup.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-100390",
  "openTime": "2021-12-16",
  "patchDescription": "Squaredup\u662f\u82f1\u56fdSquaredup\u516c\u53f8\u7684\u4e00\u4e2a\u53ef\u4e3a\u4e91\u73af\u5883\u63d0\u4f9b\u6570\u636e\u76d1\u63a7\u529f\u80fd\u7684Web\u670d\u52a1\u3002\r\n\r\nSquaredUp for SCOM 5.2.1.6654\u7248\u672c\u7684integration configuration\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u67d0\u4e9b\u96c6\u6210\u914d\u7f6e\u4e2d\u7684\u6388\u6743URL\u6ce8\u5165\u4efb\u610fweb\u811a\u672c\u6216HTML\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SquaredUp for SCOM\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-100390\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "squaredup SquaredUp for SCOM 5.2.1.6654"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-40096",
  "serverity": "\u4f4e",
  "submitTime": "2021-12-09",
  "title": "SquaredUp for SCOM\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-100390\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-40096 (GCVE-0-2021-40096)

FKIE_CVE-2021-40096

GSD-2021-40096

GHSA-8W4W-47R7-GX5V

CNVD-2021-100390

Tags

Sightings

Nomenclature