CVE-2021-40092

Name of the Vulnerable Software and Affected Versions SquaredUp for SCOM version 5.2.1.6654

Description A cross-site scripting (XSS) issue in the Image Tile component allows remote attackers to inject arbitrary web script or HTML via an SVG file. This enables attackers to execute malicious scripts on the victim's browser.

Recommendations For SquaredUp for SCOM version 5.2.1.6654, consider disabling the Image Tile feature until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to SVG files to minimize the risk of arbitrary web script or HTML injection.