CVE-2006-2351

Опубликовано: 15 мая 2006

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.

Ссылки

http://secunia.com/advisories/20075
Exploit
Vendor Advisory
http://securityreason.com/securityalert/897
http://www.osvdb.org/25469
http://www.osvdb.org/25470
http://www.securityfocus.com/archive/1/433808
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/17964
Exploit
http://www.vupen.com/english/advisories/2006/1787
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26500
http://secunia.com/advisories/20075
Exploit
Vendor Advisory
http://securityreason.com/securityalert/897
http://www.osvdb.org/25469
http://www.osvdb.org/25470
http://www.securityfocus.com/archive/1/433808
Exploit
Vendor Advisory
http://www.securityfocus.com/bid/17964
Exploit
http://www.vupen.com/english/advisories/2006/1787
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26500

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ipswitch:whatsup_professional:2006:*:*:*:*:*:*:*

cpe:2.3:a:ipswitch:whatsup_professional:2006_premium:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00901

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8c4j-9c2g-xf56

github

почти 4 года назад