Published: 15/05/2006 Updated: 20/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote malicious users to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ipswitch whatsup professional 2006
ipswitch whatsup professional 2006_premium

source: wwwsecurityfocuscom/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation vulnerabilities These issues are due to a failure in the application to properly sanitiz ...

source: wwwsecurityfocuscom/bid/17964/info WhatsUp Professional is prone to multiple input-validation vulnerabilities The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation vulnerabilities These issues are due to a failure in the application to properly sanitize ...

CWE-79 http://www.securityfocus.com/archive/1/433808 http://www.securityfocus.com/bid/17964 http://secunia.com/advisories/20075 http://www.osvdb.org/25469 http://www.osvdb.org/25470 http://securityreason.com/securityalert/897 http://www.vupen.com/english/advisories/2006/1787 https://exchange.xforce.ibmcloud.com/vulnerabilities/26500 https://nvd.nist.gov https://www.exploit-db.com/exploits/27862/

CVE-2006-2351

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect