CVE-2023-6366

7.6 HIGH

📋 TL;DR

This stored XSS vulnerability in WhatsUp Gold allows attackers to inject malicious JavaScript into the Alert Center. When users interact with the crafted payload, the attacker can execute arbitrary code in the victim's browser. All WhatsUp Gold users running versions before 2023.1 are affected.

💻 Affected Systems

Products:
  • WhatsUp Gold
Versions: All versions before 2023.1
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in Alert Center functionality; all deployments with this feature enabled are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains full control of victim's WhatsUp Gold session, potentially leading to credential theft, data exfiltration, or complete system compromise through chained attacks.

🟠

Likely Case

Session hijacking, credential theft, or unauthorized actions performed within the victim's WhatsUp Gold context.

🟢

If Mitigated

Limited impact with proper input validation and output encoding, though stored XSS remains a persistent threat.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Stored XSS typically requires some level of access to inject payloads, but exploitation is straightforward once the payload is placed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2023.1 or later

Vendor Advisory: https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023

Restart Required: Yes

Instructions:

1. Download WhatsUp Gold 2023.1 or later from the Progress website.
2. Back up the current configuration.
3. Install the update following vendor documentation.
4. Restart the WhatsUp Gold services.

🔧 Temporary Workarounds

Input Validation Enhancement

all

Implement additional input validation for Alert Center fields to reject suspicious content.

Content Security Policy

all

Implement strict CSP headers to limit script execution sources.

🧯 If You Can't Patch

  • Restrict access to WhatsUp Gold to trusted users only
  • Implement web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check the WhatsUp Gold version in the administration console; if the version is below 2023.1, the system is vulnerable.

Check Version:

Check via WhatsUp Gold web interface: Admin > About, or on server: wugadmin.exe --version (Windows) or ./wugadmin --version (Linux)

Verify Fix Applied:

Verify that the version is 2023.1 or higher, then test Alert Center functionality with safe test payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual Alert Center entries with script tags or JavaScript patterns
  • Multiple failed login attempts following Alert Center modifications

Network Indicators:

  • Unexpected outbound connections from WhatsUp Gold server following user interaction with alerts

SIEM Query:

source="WhatsUpGold" AND (message="*<script>*" OR message="*javascript:*" OR message="*alert(*")
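The SIEM query above, implemented as an added standalone detection that is not part of the original advisory: it runs the same patterns (plus inline event-handler attributes, which the original query misses, matched case-insensitively) over constructed key=value log lines. The log format, field names and sample values are assumptions; WhatsUp Gold's real Alert Center log layout is not shown on this page.

```python
import re
from typing import Dict, List

# Constructed sample log lines (assumed key=value layout, not WhatsUp Gold's real format).
SAMPLE_LOGS = [
    'source="WhatsUpGold" user=admin action=alert_create message="Disk usage above 90% on srv01"',
    'source="WhatsUpGold" user=jdoe action=alert_create message="<script>fetch(\'http://x\')</script>"',
    'source="WhatsUpGold" user=jdoe action=alert_update message="<a href=JavaScript:void(0)>click</a>"',
    'source="OtherApp" user=svc message="<script>alert(1)</script>"',
    'source="WhatsUpGold" user=ops action=alert_create message="Interface down: <img src=x onerror=alert(1)>"',
]

# Patterns from the advisory's SIEM query (<script>, javascript:, alert( ), matched
# case-insensitively, plus inline event-handler attributes such as onerror= / onload=.
XSS_PATTERNS = re.compile(r"<script|javascript:|alert\(|\bon[a-z]+\s*=", re.IGNORECASE)

# key=value pairs; values may be double-quoted (quotes are consumed as one token).
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line: str) -> Dict[str, str]:
    """Parse one key=value log line into a dict."""
    return {
        m.group(1): (m.group(3) if m.group(3) is not None else m.group(4))
        for m in FIELD_RE.finditer(line)
    }


def find_suspicious(lines: List[str]) -> List[Dict[str, str]]:
    """Return WhatsUpGold events whose message field matches an XSS pattern.

    Each returned event carries a 'matched' key with the substring that fired."""
    hits = []
    for line in lines:
        event = parse_line(line)
        if event.get("source") != "WhatsUpGold":
            continue  # same source filter as the SIEM query
        m = XSS_PATTERNS.search(event.get("message", ""))
        if m:
            event["matched"] = m.group(0)
            hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOGS):
        print(f"user={hit.get('user')} action={hit.get('action')} matched={hit['matched']!r}")
```

Alerts flagged here still need triage: a legitimate alert description can mention "alert(" or an HTML fragment, so correlate with the user and action fields before acting.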
