CVE-2023-6364

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a dashboard component.

If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.6 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
ProgressSoftwareCNA
7.6 HIGH
NETWORK
HIGH
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
VendorProductVersion
progresswhatsup_gold
𝑥
< 23.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
https://www.progress.com/network-monitoring
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
https://www.progress.com/network-monitoring