CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6365 – WhatsUp Gold Stored Cross-Site Scripting (XSS) via Device Groups
https://notcve.org/view.php?id=CVE-2023-6365
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identificó una vulnerabilidad de Cross-Site Scripting (XSS) almacenadas. Es posible que un atacante cree un payload XSS y almacene ese valor dentro de un grupo de dispositivos. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 https://www.progress.com/network-monitoring • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6364 – WhatsUp Gold Stored Cross-Site Scripting (XSS) via Dashboard
https://notcve.org/view.php?id=CVE-2023-6364
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a dashboard component. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identificó una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada. Es posible que un atacante cree un payload XSS y almacene ese valor dentro de un componente del panel. • https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 https://www.progress.com/network-monitoring • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-35759 – WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-35759
In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. WhatsUp Gold 2022 version 22.1.0 Build 39 suffers from a persistent cross site scripting vulnerability. • http://packetstormsecurity.com/files/176978/WhatsUp-Gold-2022-22.1.0-Build-39-Cross-Site-Scripting.html https://community.progress.com/s/article/Product-Alert-Bulletin-June-2023 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2022-42711
https://notcve.org/view.php?id=CVE-2022-42711
In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. En Progress WhatsUp Gold versiones anteriores a 22.1.0, un endpoint de la aplicación SNMP MIB Walker no saneaba apropiadamente la entrada maliciosa. Esto podría permitir a un atacante no autenticado ejecutar código arbitrario en el navegador de la víctima • https://community.progress.com/s/article/Product-Alert-Bulletin-October-2022 https://www.progress.com https://www.progress.com/network-monitoring • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •