CVE-2006-2351

Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/20075	Exploit Vendor Advisory
http://securityreason.com/securityalert/897
http://www.osvdb.org/25469
http://www.osvdb.org/25470
http://www.securityfocus.com/archive/1/433808	Exploit Vendor Advisory
http://www.securityfocus.com/bid/17964	Exploit
http://www.vupen.com/english/advisories/2006/1787	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26500

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ipswitch:whatsup_professional:2006:::::::*
	cpe:2.3:a:ipswitch:whatsup_professional:2006_premium:::::::*

History

No history.

Information

Published : 2006-05-15 10:02

Updated : 2024-02-04 16:52

NVD link : CVE-2006-2351

Mitre link : CVE-2006-2351

CVE.ORG link : CVE-2006-2351

JSON object : View

Products Affected

ipswitch

whatsup_professional

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2006-2351", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-05-15T10:02:00.000", "references": [{"url": "http://secunia.com/advisories/20075", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/897", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25469", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/25470", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/433808", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17964", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1787", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26500", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp."}], "lastModified": "2017-07-20T01:31:23.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ipswitch:whatsup_professional:2006:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEAAA6D2-F90D-431B-B616-9D1EBFB6F115"}, {"criteria": "cpe:2.3:a:ipswitch:whatsup_professional:2006_premium:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "431DFE67-4665-4475-ABD5-C44E5794304B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}