CVE-2022-42711
CRITICAL severity · CVSS 9.6 · Cross-site scripting (XSS)
9.6CVSS CRITICAL
Summary
In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)1%
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.