CVE-2006-2351: XSS
First published: Mon May 15 2006(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IPswitch WhatsUp Professional | =2006_premium | |
| IPswitch WhatsUp Professional | =2006 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/433808
- http://www.securityfocus.com/bid/17964
- http://secunia.com/advisories/20075
- http://www.osvdb.org/25469
- http://www.osvdb.org/25470
- http://securityreason.com/securityalert/897
- http://www.vupen.com/english/advisories/2006/1787
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26500
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/ipswitch
- canonical/ipswitch whatsup professional
- version/ipswitch whatsup professional/2006_premium
- version/ipswitch whatsup professional/2006