LogoDark mode logo
LogoDark mode logo
Contact SupportLoading Light/Dark Toggle

  • Licensing Overview
  • System Requirements, Server Spec and Sizing
    • Best Practices for Security
    • Signing and security for product files
    • Signing and security for sensitive tiles
    • CVE-2020-9388 - API Endpoints are not protected against CSRF
    • CVE-2020-9389 - Username enumeration possible via a timing attack
    • CVE-2020-9390 - Stored cross-site scripting (Web Content and Visio tile)
    • CVE-2021-40091 - SSRF issue
    • CVE-2021-40092 - Stored cross-site scripting (Image tile)
    • CVE-2021-40093 - Stored cross-site scripting (Action Buttons)
    • CVE-2021-40094 - DOM-based stored cross-site scripting
    • CVE-2021-40095 - Reading arbitrary files
    • CVE-2021-40096 - Stored cross-site scripting (provider configuration)
    • Information regarding CVE-2021-44228 - Apache Log4j 2
    • CVE-2022-46784 - Client side open redirection
    • CVE-2022-46785 - Prototype pollution leading to XSS
    • CVE-2022-46786 - Stored Cross-Site Scripting
    • CVE-2024-45180 - Stored cross-site scripting (Knowledge Editor tile)
  • EAM-X
  • Training
  • Support for older versions of SquaredUp DS
  • Understanding the figures on Performance graphs
  • SquaredUp DS and the SDK user limit
  • Useful PowerShell Commands
  • Square Up (the credit card company) payments and problems
referencesecurity advisorycve 2021 40094 dom based stored cross site scripting

CVE-2021-40094 - DOM-based stored cross-site scripting

CVE:CVE-2021-40094

Description

Cross-site scripting (XSS) enable attackers to bring malicious content into a website or application.

Before SquaredUp DS version 5.3.1, DOM-based XSS was possible. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device.

Fix

The browsercheck function has been improved to prevent DOM-based XSS.

What should you do?

If you are using a SquaredUp DS version earlier than 5.3.1, update to version 5.3.1 or later.

Affected and resolved software versions

Product
Affected versions
Resolved versions
SquaredUp DS for SCOM
Versions earlier than 5.3.1
5.3.1 and later versions
SquaredUp DS for Azure
Versions earlier than 5.3.1
5.3.1 and later versions
SquaredUp DS Standalone
Versions earlier than 5.3.1
5.3.1 and later versions

Acknowledgement

SquaredUp would like to thank Kajetan Rostojek from ING Tech Poland for reporting this vulnerability.

Did you notice a vulnerability or need further help?

Please contact SquaredUp Support

If you believe you've found a different security vulnerability in one of our products please report it by emailing our support team so we can work on fixing it: [email protected]

Revision history of this article

10.11.2021
Initial release

Was this article helpful?


Have more questions or facing an issue?
Submit a ticket

On this page

  • Description
  • Affected and resolved software versions
  • Acknowledgement
  • Did you notice a vulnerability or need further help?
  • Revision history of this article

Footer

Sites

  • SQUAREDUP
  • SQUAREDUP DS
  • DOWNLOAD
  • COMMUNITY ANSWERS

Quick Links

  • SUBMIT A REQUEST
  • EVENTS
  • CAREERS

Small Print

  • PRIVACY POLICY
  • TERMS AND CONDITIONS
Youtubex (Twitter)LinkedIn

© SquaredUp 2025