CVE-2006-2351
Title: Ipswitch Whatsup Professional Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS)
Proof Of Concept
PoC Available for CVE-2006-2351
CWE Category
CWE-79
Published Date
May 15, 2006
Modified Date
Apr 03, 2025
Exploit Status
Available
Score
4.3
CVSS v2.0
Exploit Probability (EPSS)
0.12%
Vulnerability Summary
CVE-2006-2351: Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.
Impacted Vendors
Reference Links
http://secunia.com/advisories/20075
http://securityreason.com/securityalert/897
http://www.osvdb.org/25469
http://www.osvdb.org/25470
http://www.securityfocus.com/archive/1/433808
http://www.securityfocus.com/bid/17964
http://www.vupen.com/english/advisories/2006/1787
https://exchange.xforce.ibmcloud.com/vulnerabilities/26500
http://secunia.com/advisories/20075
http://securityreason.com/securityalert/897
http://www.osvdb.org/25469
http://www.osvdb.org/25470
http://www.securityfocus.com/archive/1/433808
http://www.securityfocus.com/bid/17964
http://www.vupen.com/english/advisories/2006/1787
https://exchange.xforce.ibmcloud.com/vulnerabilities/26500
CVSS v2.0
Source Entity
[email protected]
Severity
MEDIUM
4.3
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:M/Au:N/C:N/I:P/A:N
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2006-2351 Exploits & PoCs (Proof Of Concept)
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Stack
No specific products linked.