vulnerability

Progress WhatsUp Gold: CVE-2023-6366: Improper Neutralization of Input During Web Page Generation

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:H/Au:M/C:C/I:C/A:C)	Dec 14, 2023	Jul 9, 2025	Nov 14, 2025

Severity

CVSS

(AV:N/AC:H/Au:M/C:C/I:C/A:C)

Published

Dec 14, 2023

Added

Jul 9, 2025

Modified

Nov 14, 2025

Description

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center.

If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.

Solution

progress-whatsup-gold-upgrade-latest

References

CWE-79
CVE-2023-6366
https://attackerkb.com/topics/CVE-2023-6366
URL-https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023
URL-https://www.progress.com/network-monitoring

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today