CVE-2023-6367: 
WhatsUp Gold vulnerability analysis and mitigation

CVE-2023-6367 is a stored cross-site scripting (XSS) vulnerability identified in WhatsUp Gold versions released before 2023.1. The vulnerability was disclosed on December 14, 2023, affecting Progress Software's WhatsUp Gold network monitoring solution (Progress Advisory, NVD).

The vulnerability allows an attacker to craft and store an XSS payload within Roles functionality. When a WhatsUp Gold user interacts with the crafted payload, it enables the execution of malicious JavaScript within the context of the victim's browser. The vulnerability has been assigned a CVSS v3.1 base score of 7.6 (HIGH) by Progress Software Corporation, with the vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H. NIST has assigned a CVSS score of 5.4 (MEDIUM) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).

If successfully exploited, the vulnerability allows attackers to execute malicious JavaScript code in the context of the victim's browser session. This could potentially lead to unauthorized access to sensitive information, session hijacking, or other malicious actions within the scope of the user's browser session (NVD).

Users are advised to upgrade to WhatsUp Gold version 2023.1 or later to address this vulnerability. Progress Software has released patches to fix the issue in the latest version (Progress Advisory).