Lucene search

ProgressSoftwareCVELIST:CVE-2023-6366

HistoryDec 14, 2023 - 4:05 p.m.

CVE-2023-6366 WhatsUp Gold Stored Cross-Site Scripting (XSS) via Alert Center

2023-12-1416:05:31

CWE-79

ProgressSoftware

www.cve.org

whatsup gold

stored xss

vulnerability

alert center

javascript

browser

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center.

If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "modules": [
      "Alert Center"
    ],
    "product": "WhatsUp Gold",
    "vendor": "Progress Software Corporation",
    "versions": [
      {
        "lessThan": "2023.1",
        "status": "affected",
        "version": "2023.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "2022.1",
        "status": "affected",
        "version": "2022.0",
        "versionType": "semver"
      }
    ]
  }
]

References

community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023

www.progress.com/network-monitoring

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for CVELIST:CVE-2023-6366