Vulnerability-Lookup

CVE-2006-2351 (GCVE-0-2006-2351)

Vulnerability from cvelistv5 – Published: 2006-05-15 10:00 – Updated: 2024-08-07 17:51

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

8 references

URL	Tags
http://www.osvdb.org/25469	vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/archive/1/433808	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/20075	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.vupen.com/english/advisories/2006/1787	vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/17964	vdb-entryx_refsource_BID
http://securityreason.com/securityalert/897	third-party-advisoryx_refsource_SREASON
http://www.osvdb.org/25470	vdb-entryx_refsource_OSVDB

Date Public

2006-05-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:51:03.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25469",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25469"
          },
          {
            "name": "20060511 Ipswitch WhatsUp Professional multiple flaws",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/433808"
          },
          {
            "name": "20075",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20075"
          },
          {
            "name": "whatsup-navigation-toolresults-xss(26500)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26500"
          },
          {
            "name": "ADV-2006-1787",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1787"
          },
          {
            "name": "17964",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17964"
          },
          {
            "name": "897",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/897"
          },
          {
            "name": "25470",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25470"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-05-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25469",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25469"
        },
        {
          "name": "20060511 Ipswitch WhatsUp Professional multiple flaws",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/433808"
        },
        {
          "name": "20075",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20075"
        },
        {
          "name": "whatsup-navigation-toolresults-xss(26500)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26500"
        },
        {
          "name": "ADV-2006-1787",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1787"
        },
        {
          "name": "17964",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17964"
        },
        {
          "name": "897",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/897"
        },
        {
          "name": "25470",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25470"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2351",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25469",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25469"
            },
            {
              "name": "20060511 Ipswitch WhatsUp Professional multiple flaws",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/433808"
            },
            {
              "name": "20075",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20075"
            },
            {
              "name": "whatsup-navigation-toolresults-xss(26500)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26500"
            },
            {
              "name": "ADV-2006-1787",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1787"
            },
            {
              "name": "17964",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17964"
            },
            {
              "name": "897",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/897"
            },
            {
              "name": "25470",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25470"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2351",
    "datePublished": "2006-05-15T10:00:00.000Z",
    "dateReserved": "2006-05-14T00:00:00.000Z",
    "dateUpdated": "2024-08-07T17:51:03.499Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2006-2351",
      "date": "2026-06-05",
      "epss": "0.00115",
      "percentile": "0.29908"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-2351\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-05-15T10:02:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:whatsup_professional:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEAAA6D2-F90D-431B-B616-9D1EBFB6F115\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:whatsup_professional:2006_premium:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"431DFE67-4665-4475-ABD5-C44E5794304B\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/20075\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/897\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/25469\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/25470\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/433808\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/17964\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1787\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26500\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/25469\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/25470\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/433808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/17964\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1787\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26500\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2006-2351

Vulnerability from fkie_nvd - Published: 2006-05-15 10:02 - Updated: 2026-04-16 00:27

Severity

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/20075	Exploit, Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/897
cve@mitre.org	http://www.osvdb.org/25469
cve@mitre.org	http://www.osvdb.org/25470
cve@mitre.org	http://www.securityfocus.com/archive/1/433808	Exploit, Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/17964	Exploit
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1787	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26500
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20075	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/897
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25469
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25470
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/433808	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17964	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1787	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26500

Impacted products

	Vendor	Product	Version
	ipswitch	whatsup_professional	2006
	ipswitch	whatsup_professional	2006_premium

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ipswitch:whatsup_professional:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEAAA6D2-F90D-431B-B616-9D1EBFB6F115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:whatsup_professional:2006_premium:*:*:*:*:*:*:*",
              "matchCriteriaId": "431DFE67-4665-4475-ABD5-C44E5794304B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp."
    }
  ],
  "id": "CVE-2006-2351",
  "lastModified": "2026-04-16T00:27:16.627",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-15T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20075"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/897"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25469"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25470"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/433808"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/17964"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1787"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25469"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25470"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/433808"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/17964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26500"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8C4J-9C2G-XF56

Vulnerability from github – Published: 2022-05-01 06:58 – Updated: 2022-05-01 06:58

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-05-15T10:02:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.",
  "id": "GHSA-8c4j-9c2g-xf56",
  "modified": "2022-05-01T06:58:13Z",
  "published": "2022-05-01T06:58:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2351"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26500"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20075"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/897"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25469"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25470"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/433808"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17964"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1787"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2006-2351

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-2351

Aliases

CVE-2006-2351

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2351",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.",
    "id": "GSD-2006-2351"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2351"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.",
      "id": "GSD-2006-2351",
      "modified": "2023-12-13T01:19:53.174443Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-2351",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "25469",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/25469"
          },
          {
            "name": "20060511 Ipswitch WhatsUp Professional multiple flaws",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/433808"
          },
          {
            "name": "20075",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20075"
          },
          {
            "name": "whatsup-navigation-toolresults-xss(26500)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26500"
          },
          {
            "name": "ADV-2006-1787",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1787"
          },
          {
            "name": "17964",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17964"
          },
          {
            "name": "897",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/897"
          },
          {
            "name": "25470",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/25470"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:whatsup_professional:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:whatsup_professional:2006_premium:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2351"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060511 Ipswitch WhatsUp Professional multiple flaws",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/archive/1/433808"
            },
            {
              "name": "17964",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/17964"
            },
            {
              "name": "20075",
              "refsource": "SECUNIA",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20075"
            },
            {
              "name": "25469",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/25469"
            },
            {
              "name": "25470",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/25470"
            },
            {
              "name": "897",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/897"
            },
            {
              "name": "ADV-2006-1787",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1787"
            },
            {
              "name": "whatsup-navigation-toolresults-xss(26500)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26500"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-20T01:31Z",
      "publishedDate": "2006-05-15T10:02Z"
    }
  }
}

VAR-200605-0053

Vulnerability from variot - Updated: 2025-04-03 22:09

Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploits of these vulnerabilities could allow an attacker to access or modify data, steal cookie-based authentication credentials, perform username-enumeration, access sensitive information, and gain unauthorized access to script source code. Other attacks are also possible. This can be exploited to execute arbitrary HTML and script code in a logged in user's browser session in context of a vulnerable site.

Example: http://[host]:8022/NmConsole/Navigation.asp?">[code]

2) Input passed to NmConsole/Tools.asp and NmConsole/DeviceSelection.asp is also not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a logged in user's browser session in context of a vulnerable site.

3) It's possible to disclose monitored devices without being logged in by passing arbitrary values to the "nDeviceGroupID" parameter in "NmConsole/utility/RenderMap.asp".

Example: http://[host]:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=2

4) Input passed to the "sRedirectUrl" and "sCancelURL" in NmConsole/DeviceSelection.asp is not properly verified, which makes it possible to redirect a user to an arbitrary web site.

It is also possible to disclose the source code of the ASP pages by appending a period to the end of the file extension.

5) Different error messages are returned during login to "NmConsole/Login.asp" depending on whether the supplied username or password is incorrect.

6) It is possible to disclose path information in 404 error messages returned by the service.

SOLUTION: Restrict access to port 8022/tcp and don't visit other web sites while logged in.

PROVIDED AND/OR DISCOVERED BY: 1, 3, 4) David Maciejak 2, 5, 6) Reported by an anonymous person.

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200605-0053",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "whatsup professional",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "2006"
      },
      {
        "model": "whatsup professional",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "2006_premium"
      },
      {
        "model": "whatsup professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ipswitch",
        "version": "20060"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "17964"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-278"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2351"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "David Maciejak is credited with the discovery of these vulnerabilities.",
    "sources": [
      {
        "db": "BID",
        "id": "17964"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-278"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2006-2351",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2006-2351",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-18459",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-2351",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200605-278",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-18459",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-278"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2351"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. WhatsUp Professional is prone to multiple input-validation vulnerabilities. The issues include remote file-include, information-disclosure, source-code disclosure, cross-site scripting, and input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. \nSuccessful exploits of these vulnerabilities could allow an attacker to access or modify data, steal cookie-based authentication credentials, perform username-enumeration, access sensitive information, and gain unauthorized access to script source code. Other attacks are also possible. This can be exploited to execute\narbitrary HTML and script code in a logged in user\u0027s browser session\nin context of a vulnerable site. \n\nExample:\nhttp://[host]:8022/NmConsole/Navigation.asp?\"\u003e[code]\n\n2) Input passed to NmConsole/Tools.asp and\nNmConsole/DeviceSelection.asp is also not properly sanitised before\nbeing returned to users. This can be exploited to execute arbitrary\nHTML and script code in a logged in user\u0027s browser session in context\nof a vulnerable site. \n\n3) It\u0027s possible to disclose monitored devices without being logged\nin by passing arbitrary values to the \"nDeviceGroupID\" parameter in\n\"NmConsole/utility/RenderMap.asp\". \n\nExample:\nhttp://[host]:8022/NmConsole/utility/RenderMap.asp?nDeviceGroupID=2\n\n4) Input passed to the \"sRedirectUrl\" and \"sCancelURL\" in\nNmConsole/DeviceSelection.asp is not properly verified, which makes\nit possible to redirect a user to an arbitrary web site. \n\nIt is also possible to disclose the source code of the ASP pages by\nappending a period to the end of the file extension. \n\n5) Different error messages are returned during login to\n\"NmConsole/Login.asp\" depending on whether the supplied username or\npassword is incorrect. \n\n6) It is possible to disclose path information in 404 error messages\nreturned by the service. \n\nSOLUTION:\nRestrict access to port 8022/tcp and don\u0027t visit other web sites\nwhile logged in. \n\nPROVIDED AND/OR DISCOVERED BY:\n1, 3, 4) David Maciejak\n2, 5, 6) Reported by an anonymous person. \n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2351"
      },
      {
        "db": "BID",
        "id": "17964"
      },
      {
        "db": "VULHUB",
        "id": "VHN-18459"
      },
      {
        "db": "PACKETSTORM",
        "id": "46269"
      }
    ],
    "trust": 1.35
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-18459",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18459"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "17964",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "20075",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1787",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2351",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "897",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "25470",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "25469",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-278",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "26500",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060511 IPSWITCH WHATSUP PROFESSIONAL MULTIPLE FLAWS",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "27861",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "27862",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-81452",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-18459",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "46269",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18459"
      },
      {
        "db": "BID",
        "id": "17964"
      },
      {
        "db": "PACKETSTORM",
        "id": "46269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-278"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2351"
      }
    ]
  },
  "id": "VAR-200605-0053",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18459"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2025-04-03T22:09:50.161000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18459"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2351"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/17964"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/433808"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/25469"
      },
      {
        "trust": 1.7,
        "url": "http://www.osvdb.org/25470"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/20075"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/897"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/1787"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26500"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/1787"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/26500"
      },
      {
        "trust": 0.3,
        "url": "http://www.ipswitch.com/products/whatsup/professional/premium_vs_standard.asp"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/433808"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/9917/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://[host]:8022/nmconsole/utility/rendermap.asp?ndevicegroupid=2"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20075/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/9918/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://[host]:8022/nmconsole/navigation.asp?\"\u003e[code]"
      },
      {
        "trust": 0.1,
        "url": "http://[host]:8022/nmconsole"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-18459"
      },
      {
        "db": "BID",
        "id": "17964"
      },
      {
        "db": "PACKETSTORM",
        "id": "46269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-278"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2351"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-18459"
      },
      {
        "db": "BID",
        "id": "17964"
      },
      {
        "db": "PACKETSTORM",
        "id": "46269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-278"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2351"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-05-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18459"
      },
      {
        "date": "2006-05-12T00:00:00",
        "db": "BID",
        "id": "17964"
      },
      {
        "date": "2006-05-17T05:39:52",
        "db": "PACKETSTORM",
        "id": "46269"
      },
      {
        "date": "2006-05-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-278"
      },
      {
        "date": "2006-05-15T10:02:00",
        "db": "NVD",
        "id": "CVE-2006-2351"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-18459"
      },
      {
        "date": "2006-05-16T16:24:00",
        "db": "BID",
        "id": "17964"
      },
      {
        "date": "2006-05-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-278"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2006-2351"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-278"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch WhatsUp Professional Multiple cross-site scripting attacks (XSS) Vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-278"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "46269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-278"
      }
    ],
    "trust": 0.7
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-2351 (GCVE-0-2006-2351)

FKIE_CVE-2006-2351

GHSA-8C4J-9C2G-XF56

GSD-2006-2351

VAR-200605-0053

Tags

Sightings

Nomenclature