Description
Multiple cross-site scripting (XSS) vulnerabilities in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.
Exploits (2)
exploitdb
WRITEUP
VERIFIED
by David Maciejak · text · remote · asp
https://www.exploit-db.com/exploits/27862
exploitdb
WRITEUP
VERIFIED
by David Maciejak · text · remote · asp
https://www.exploit-db.com/exploits/27861
References (8)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25469
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/433808
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20075
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26500
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1787
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17964
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/897
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25470
Scores
EPSS
0.0011
EPSS Percentile
29.8%
Details
CWE
CWE-79
Status
published
Products (2)
ipswitch/whatsup_professional
2006
ipswitch/whatsup_professional
2006_premium
Published
May 15, 2006
Tracked Since
Feb 18, 2026