CVE-2006-0015 - Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Se

CVE-2006-0015

Summary

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_team_services:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sharepoint_team_services:*:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 19-10-2018 - 15:42)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

oval via4

accepted

2015-08-10T04:00:22.654-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment	Microsoft FrontPage Server Extensions 2002 is installed
oval	oval:org.mitre.oval:def:28542

description

family

windows

oval:org.mitre.oval:def:1748

status

accepted

submitted

2006-04-13T02:47:00.000-04:00

title

FPSE XSS Vulnerability

version

refmap via4

bid	17452
bugtraq	20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting
misc	http://www.argeniss.com/research/ARGENISS-ADV-040602.txt
sectrack	1015895 1015896
secunia	19623
sreason	704
vupen	ADV-2006-1322
xf	fpse-html-xss(25537)

Last major update

19-10-2018 - 15:42

Published

11-04-2006 - 23:02

Last modified

19-10-2018 - 15:42