CVE-2006-2351

IPswitch WhatsUp Professional 2006 - Cross-Site Scripting via sDeviceView, nDeviceID, or sHostname Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-2351. PoCs published by David Maciejak.

AI-analyzed exploit summary: The provided text describes multiple input-validation vulnerabilities in WhatsUp Professional, including remote file inclusion, XSS, and information disclosure. However, no actual exploit code is present—only a description and a sample URL.

Description

Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED
by David Maciejak · text · remote · asp
https://www.exploit-db.com/exploits/27862

The provided text describes multiple input-validation vulnerabilities in WhatsUp Professional, including remote file inclusion, XSS, and information disclosure. However, no actual exploit code is present—only a description and a sample URL.

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: WhatsUp Professional (version unspecified)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by David Maciejak · text · remote · asp
https://www.exploit-db.com/exploits/27861

The provided text is a vulnerability description for CVE-2006-2351, detailing multiple input-validation issues in WhatsUp Professional, including remote file inclusion, XSS, and information disclosure. It lacks actual exploit code or a proof-of-concept, serving only as a high-level summary.

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: WhatsUp Professional (version not specified)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/25469
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/433808
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20075
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26500
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1787
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17964
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/897
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/25470

Scores

EPSS 0.0455
EPSS Percentile 90.4%

Details

CWE: CWE-79
Status published
Products (2)
ipswitch/whatsup_professional 2006
ipswitch/whatsup_professional 2006_premium
Published May 15, 2006
Tracked Since Feb 18, 2026