CVE-2024-45180 - Stored cross-site scripting (Knowledge Editor tile)

CVE: CVE-2024-45180

Description

Cross-site scripting (XSS) enables attackers to inject malicious content into a website or application.

In SquaredUp DS versions before 6.3.0, stored XSS was possible in Knowledge Editor tiles. The vulnerability could be exploited by SquaredUp DS users who can create dashboards.

Fix

Sanitization for Knowledge Editor tiles has been implemented to ensure that the tile content is free of malicious scripts.
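
The following is an added example of allowlist sanitization for stored rich-text content. It is not SquaredUp's code; the tag, attribute and URL-scheme allowlists and all function names are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for a rich-text tile; not SquaredUp's actual rules.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}  # removed together with their text
SCHEME_RE = re.compile(r"^([a-zA-Z][a-zA-Z0-9+.\-]*):")

def is_safe_url(value):
    # Browsers ignore whitespace and control characters when reading the scheme.
    cleaned = "".join(ch for ch in value if ch > " ")
    match = SCHEME_RE.match(cleaned)
    # No scheme means a relative URL, which is allowed.
    return match is None or match.group(1).lower() in SAFE_SCHEMES

class TileSanitizer(HTMLParser):
    """Rebuild markup from parsed tokens; anything not allowlisted is dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skipping = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skipping += 1
        elif not self.skipping and tag in ALLOWED_TAGS:
            kept = [(n, v) for n, v in attrs
                    if v is not None and n in ALLOWED_ATTRS.get(tag, ())
                    and (n != "href" or is_safe_url(v))]
            rendered = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept)
            self.out.append(f"<{tag}{rendered}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skipping = max(0, self.skipping - 1)
        elif not self.skipping and tag in ALLOWED_TAGS and tag != "br":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize_tile_html(html):
    parser = TileSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)

# Constructed sample of stored tile content.
SAMPLE = '<p>See <a href="javascript:alert(1)" onclick="x()">runbook</a></p><script>alert(1)</script>'
```

Because the output is rebuilt from parsed tokens rather than filtered with pattern matching, event-handler attributes, unknown elements and unsafe link schemes never reach the stored or rendered markup. Unclosed allowlisted tags are passed through as written, so tag balancing has to be handled separately if layout matters.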

What should you do?

If you are using a SquaredUp DS version earlier than 6.2.1, update to version 6.3.0 or later.

Affected and resolved software versions

| Product | Affected versions | Resolved versions |
| --- | --- | --- |
| SquaredUp DS for SCOM | Versions 6.2.1 and earlier | Versions 6.3.0 and above |

Acknowledgement

SquaredUp would like to thank Łukasz Piec for reporting this vulnerability.

Did you notice a vulnerability or need further help?

Please contact SquaredUp Support

If you believe you've found a different security vulnerability in one of our products, please report it by emailing our support team so we can work on fixing it: [email protected]

Revision history of this article

02.09.2024: Initial release
