XSS in WhatsUp Gold <2023.1 Dashboard Stored XSS
CVE-2023-6364 Published on December 14, 2023
WhatsUp Gold Stored Cross-Site Scripting (XSS) via Dashboard
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a dashboard component.
If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
Vulnerability Analysis
CVE-2023-6364 is exploitable with network access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2023-6364 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2023-6364
Want to know whenever a new CVE is published for Progress Whatsup Gold? stack.watch will email you.
Affected Versions
Progress Software Corporation WhatsUp Gold:- Version 2023.0 and below 2023.1 is affected.
- Version 2022.0, <= 2022.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.