CVE-2020-9390 - Stored cross-site scripting (Web Content tile)
Cross-site scripting (XSS) enable attackers to bring malicious content into a website or application.
Before SquaredUp DS version 4.6, stored XSS was possible for Web Content tiles. Exploiting this vulnerability was possible for SquaredUp DS users who can create dashboards.
What should you do?
If you are using a SquaredUp DS version earlier than 4.6, update to version 4.6 or later.
Affected and resolved software versions
|Product||Affected versions||Resolved versions|
|SCOM Edition||Versions earlier than 4.6||4.6 and later versions|
|Azure Edition||Versions earlier than 4.6||4.6 and later versions|
SquaredUp would like to thank Giuseppe-Diego Gianni from NATO for reporting this vulnerability.
Did you notice a vulnerability or need further help?
Please contact SquaredUp Support if you have any questions about this vulnerability or need further help.
If you believe you've found a different security vulnerability in one of our products please report it by emailing our support team so we can work on fixing it: firstname.lastname@example.org
Revision history of this article
|10.6.2021||Updated support contact information|
|8.11. 2021||Updated title|