CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6365 – WhatsUp Gold Stored Cross-Site Scripting (XSS) via Device Groups
https://notcve.org/view.php?id=CVE-2023-6365
14 Dec 2023 — In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identificó una vulnerabilidad de Cross-Site Scripting (XSS) almacena... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6364 – WhatsUp Gold Stored Cross-Site Scripting (XSS) via Dashboard
https://notcve.org/view.php?id=CVE-2023-6364
14 Dec 2023 — In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a dashboard component. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identificó una vulnerabilidad de Cross-Site Scripting (XSS) A... • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6218 – MOVEit Transfer Group Admin Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-6218
29 Nov 2023 — In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a privilege escalation path associated with group administrators has been identified. It is possible for a group administrator to elevate a group members permissions to the role of an organization administrator. En las versiones de Progress MOVEit Transfer lanzadas antes de 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), se ha identificado una ruta de escalada de privilegios asociada co... • https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023 • CWE-269: Improper Privilege Management •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2023-6217 – MOVEit Transfer XSS via MOVEit Gateway
https://notcve.org/view.php?id=CVE-2023-6217
29 Nov 2023 — In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9), 2022.1.10 (14.1.10), 2023.0.7 (15.0.7), a reflected cross-site scripting (XSS) vulnerability has been identified when MOVEit Gateway is used in conjunction with MOVEit Transfer. An attacker could craft a malicious payload targeting the system which comprises a MOVEit Gateway and MOVEit Transfer deployment. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context o... • https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-November-2023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-42659 – WS_FTP Server Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2023-42659
07 Nov 2023 — In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application. WS_FTP Server en las versiones anteriores a 8.7.6 y 8.8.4, se identificó una falla en la carga de archivos sin restricciones. Un usuario autenticado de Ad Hoc Transfer tiene la capacidad de crear un... • https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40049 – WS_FTP Server Information Disclosure via Directory Listing
https://notcve.org/view.php?id=CVE-2023-40049
27 Sep 2023 — In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. En la versión del servidor WS_FTP anterior a la 8.8.2, un usuario no autenticado podía enumerar archivos en la lista del directorio 'WebServiceHost'. • https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40048 – WS_FTP Server Cross-Site Request Forgery (CSRF) Vulnerability
https://notcve.org/view.php?id=CVE-2023-40048
27 Sep 2023 — In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function. En la versión del servidor WS_FTP anterior a la 8.8.2, a la interfaz del Administrador del servidor WS_FTP le faltaba protección contra Cross-Site Reuqest Forgery (CSRF) en una transacción POST correspondiente a una función administrativa del servidor WS_FTP. • https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40047 – WS_FTP Server Stored Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2023-40047
27 Sep 2023 — In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the co... • https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40046 – WS_FTP Server SQL Injection via Administrative Interface
https://notcve.org/view.php?id=CVE-2023-40046
27 Sep 2023 — In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements. En las versiones del servidor WS_FTP anteriores a 8.7.4 y 8.8.2, existe una vulnerabilidad de inyección SQL en la interfaz del administrador del servidor WS_FTP. Un atacante puede inferir información sobre la estructura y ... • https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-40045 – WS_FTP Server Ad Hoc Transfer Module Reflected Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2023-40045
27 Sep 2023 — In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victims browser. En las versiones del servidor WS_FTP anteriores a 8.7.4 y 8.8.2, existe una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en el módulo de transfere... • https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •