CVE-2023-6367
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-6367 is a stored cross-site scripting (XSS) vulnerability affecting WhatsUp Gold versions prior to 2023.1. An attacker can exploit this flaw by injecting malicious JavaScript code into Roles, which, if interacted with by a WhatsUp Gold user, would enable the attacker to execute the code within the user's browser. This vulnerability poses a significant risk, as it can lead to unauthorized data access or manipulation, session hijacking, or other malicious activities. It is essential for organizations using WhatsUp Gold to update their software to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Progress Publishers