CVE-2006-2351

Ipswitch Whatsup Professional - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED

by David Maciejak · textremoteasp

https://www.exploit-db.com/exploits/27861

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by David Maciejak · textremoteasp

https://www.exploit-db.com/exploits/27862

View Code ZIP pw:eip

References (8)

[Exploit, Vendor Advisory] http://secunia.com/advisories/20075

[Exploit, Vendor Advisory] http://www.securityfocus.com/archive/1/433808

[Exploit] http://www.securityfocus.com/bid/17964

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/1787

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26500

[Third Party Advisory, VDB Entry] http://www.osvdb.org/25469

[Third Party Advisory, VDB Entry] http://www.osvdb.org/25470

[Third Party Advisory] http://securityreason.com/securityalert/897

Scores

EPSS 0.0011

EPSS Percentile 30.2%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

ipswitch/whatsup_professional

ipswitch/whatsup_professional

Timeline

Published May 15, 2006

Tracked Since Feb 18, 2026