Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/archive/1/433808 | Exploit Vendor Advisory |
| http://www.securityfocus.com/bid/17964 | Exploit |
| http://secunia.com/advisories/20075 | Exploit Vendor Advisory |
| http://www.osvdb.org/25469 | |
| http://www.osvdb.org/25470 | |
| http://securityreason.com/securityalert/897 | |
| http://www.vupen.com/english/advisories/2006/1787 | Vendor Advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26500 |
Advertisement
Configurations
Configuration 1 (hide)
|
Information
Published : 2006-05-15 03:02
Updated : 2017-07-19 18:31
NVD link : CVE-2006-2351
Mitre link : CVE-2006-2351
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Advertisement
Products Affected
ipswitch
- whatsup_professional