ProgressSoftwareCVELIST:CVE-2023-6364CVE-2023-6364 WhatsUp Gold Stored Cross-Site Scripting (XSS) via Dashboard
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a dashboard component.
If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
CNA Affected
[
{
"defaultStatus": "affected",
"modules": [
"Dashboard"
],
"product": "WhatsUp Gold",
"vendor": "Progress Software Corporation",
"versions": [
{
"lessThan": "2023.1",
"status": "affected",
"version": "2023.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2022.1",
"status": "affected",
"version": "2022.0",
"versionType": "semver"
}
]
}
]Related
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
14.2%