nvd-json-data-feeds/CVE-2023/CVE-2023-63xx/CVE-2023-6364.json

{
  "id": "CVE-2023-6364",
  "sourceIdentifier": "security@progress.com",
  "published": "2023-12-14T16:15:52.957",
  "lastModified": "2023-12-19T15:25:57.190",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.\u00a0 It is possible for an attacker to craft a XSS payload and store that value within a dashboard component.\u00a0\u00a0\n\nIf a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.\n\n"
    },
    {
      "lang": "es",
      "value": "En las versiones de WhatsUp Gold lanzadas antes de la 2023.1, se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) Almacenada. Es posible que un atacante cree un payload XSS y almacene ese valor dentro de un componente del panel. Si un usuario de WhatsUp Gold interact\u00faa con el payload manipulado, el atacante podr\u00eda ejecutar JavaScript malicioso dentro del contexto del navegador de la v\u00edctima."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      },
      {
        "source": "security@progress.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.6,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 6.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    },
    {
      "source": "security@progress.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:progress:whatsup_gold:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "23.1.0",
              "matchCriteriaId": "5D27D3E3-A9E8-493A-8D4A-51ED537ABC7D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-December-2023",
      "source": "security@progress.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.progress.com/network-monitoring",
      "source": "security@progress.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}