WhatsUp Gold 2022 (v.22.1.0 Build 39) is susceptible to a stored cross-site scripting (XSS) attack via the sysName SNMP parameter. An attacker can insert malicious scripts into the admin console by manipulating the SNMP device name. Once saved, the injected code executes in the admin user's context, potentially leading to data theft or unauthorized activities. This exploit can create a Powershell reverse shell connecting to the attacker at intervals.