WhatsUp Gold <2023.1 Stored XSS in Alert Center
CVE-2023-6366 Published on December 14, 2023
WhatsUp Gold Stored Cross-Site Scripting (XSS) via Alert Center
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center.
If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
Vulnerability Analysis
CVE-2023-6366 is exploitable with network access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a XSS Vulnerability?
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVE-2023-6366 has been classified to as a XSS vulnerability or weakness.
Products Associated with CVE-2023-6366
stack.watch emails you whenever new vulnerabilities are published in Progress Whatsup Gold or Ipswitch Whatsup Gold. Just hit a watch button to start following.
Affected Versions
Progress Software Corporation WhatsUp Gold:- Version 2023.0 and below 2023.1 is affected.
- Version 2022.0, <= 2022.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.