CVE-2023-6367

Name of the Vulnerable Software and Affected Versions WhatsUp Gold versions prior to 2023.1

Description A stored cross-site scripting (XSS) issue has been identified, allowing an attacker to craft a XSS payload and store it within Roles. If a WhatsUp Gold user interacts with the crafted payload, the attacker can execute malicious JavaScript within the context of the victim's browser.

Recommendations For versions prior to 2023.1, update to version 2023.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Roles feature to minimize the risk of exploitation. Avoid interacting with suspicious or unknown payloads within the Roles section until the issue is resolved.