CVE-2021-41318
6.1 MEDIUM
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input
Published: 2021-09-28 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 6.1 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- CWE: CWE-79
Affected products
| Vendor | Product |
|---|---|
| progress | whatsupgold |
Description
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2021-41318)
- [Exploit reference](http://packetstormsecurity.com/files/164359/WhatsUpGold-21.0.3-Cross-Site-Scripting.html)
- [Vendor advisory](https://knowledgebase.progress.com/articles/Knowledge/WhatsUp-Gold-Security-Bulletin-September-2021)
Related CVEs
Same vendor
- CVE-2026-7313 — CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote a... (8.7 HIGH)
- CVE-2026-7312 — CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 t... (10.0 CRITICAL)
- CVE-2026-7201 — CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 1... (8.8 HIGH)
- CVE-2026-7198 — CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attack... (9.8 CRITICAL)
- CVE-2026-7195 — CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15... (8.8 HIGH)
Same CWE
- CVE-2026-12425 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
- CVE-2024-30476 — PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
- CVE-2026-54198 — Unauthenticated Cross Site Scripting (XSS) in Media Library Assistant <= 3.35 versions (7.1 HIGH)
- CVE-2026-54191 — Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
- CVE-2026-39437 — Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)