CVE-2006-2351 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.

Reference

http://secunia.com/advisories/20075 http://securityreason.com/securityalert/897 http://www.osvdb.org/25469 http://www.osvdb.org/25470 http://www.securityfocus.com/archive/1/433808 http://www.securityfocus.com/bid/17964 http://www.vupen.com/english/advisories/2006/1787 https://exchange.xforce.ibmcloud.com/vulnerabilities/26500