CVE-2023-6366

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center.

If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.

Published: Dec 14, 2023
Updated: Dec 20, 2023
CVE: CVE-2023-6366
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
progress / whatsup_gold	-	23.1.0

https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
https://www.progress.com/network-monitoring

Vulnerability Database

290,278

CVE-2023-6366