CVE-2022-42711

CRITICAL

Progress WhatsUp Gold < 22.1.0 - Unauthenticated Stored Cross-Site Scripting via SNMP MIB Walker Endpoint

Title source: llm

Description

In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.

References (3)

Core 3

Core References

Vendor Advisory

https://community.progress.com/s/article/Product-Alert-Bulletin-October-2022

Vendor Advisory

https://www.progress.com/

Vendor Advisory

https://www.progress.com/network-monitoring

Scores

CVSS v3 9.6

EPSS 0.0052

EPSS Percentile 66.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (1)

progress/whatsup_gold < 22.1.0

Published Oct 12, 2022

Tracked Since Feb 18, 2026