In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.
References
Link | Resource |
---|---|
https://knowledgebase.progress.com/articles/Knowledge/WhatsUp-Gold-Security-Bulletin-September-2021 | Vendor Advisory |
http://packetstormsecurity.com/files/164359/WhatsUpGold-21.0.3-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2021-09-28 11:15
Updated : 2021-10-07 05:45
NVD link : CVE-2021-41318
Mitre link : CVE-2021-41318
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
progress
- whatsupgold