CVE-2023-6367
WhatsUp Gold Stored Cross-Site Scripting (XSS) via Roles
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Roles.
If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.
En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identificó una vulnerabilidad de Cross-Site Scripting (XSS) almacenadas. Es posible que un atacante cree un payload XSS y almacene ese valor dentro de Roles. Si un usuario de WhatsUp Gold interactúa con el payload manipulado, el atacante podría ejecutar JavaScript malicioso dentro del contexto del navegador de la víctima.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-28 CVE Reserved
- 2023-12-14 CVE Published
- 2023-12-20 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
- CAPEC-592: Stored XSS
References (2)
URL | Tag | Source |
---|---|---|
https://www.progress.com/network-monitoring | Product |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023 | 2023-12-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Progress Search vendor "Progress" | Whatsup Gold Search vendor "Progress" for product "Whatsup Gold" | < 23.1.0 Search vendor "Progress" for product "Whatsup Gold" and version " < 23.1.0" | - |
Affected
|