CVE-2023-6366: 
WhatsUp Gold vulnerability analysis and mitigation

A stored cross-site scripting (XSS) vulnerability has been identified in WhatsUp Gold versions released before 2023.1. The vulnerability, tracked as CVE-2023-6366, was discovered and disclosed in December 2023 (Progress Bulletin).

The vulnerability allows an attacker to craft and store an XSS payload within Alert Center. When a WhatsUp Gold user interacts with the crafted payload, the attacker can execute malicious JavaScript within the context of the victim's browser. The vulnerability has been assigned a CVSS score of 7.6, indicating a high severity level (Progress Bulletin).

If successfully exploited, the vulnerability enables attackers to execute arbitrary JavaScript code in the context of the victim's browser session. This could potentially lead to unauthorized access to sensitive information, session hijacking, or other malicious actions within the WhatsUp Gold application (CVE Mitre).

Users are advised to upgrade to WhatsUp Gold version 2023.1 or later to address this vulnerability. The fix has been implemented in this version to prevent stored XSS attacks through the Alert Center component (Progress Bulletin).