Vulnerability Name: | CVE-2006-0015 (CCN-25537) | ||||||||
Assigned: | 2005-11-09 | ||||||||
Published: | 2006-04-11 | ||||||||
Updated: | 2018-10-19 | ||||||||
Summary: | Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. | ||||||||
CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Wed Apr 12 2006 - 16:32:16 CDT Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting Source: MITRE Type: CNA CVE-2006-0015 Source: CCN Type: SA19623 Microsoft FrontPage Server Extensions Cross-Site Scripting Source: SECUNIA Type: Patch, Vendor Advisory 19623 Source: SREASON Type: UNKNOWN 704 Source: CCN Type: SECTRACK ID: 1015895 Microsoft SharePoint Team Services Input Validation Holes Permit Cross-Site Scripting Attacks Source: SECTRACK Type: Patch 1015895 Source: CCN Type: SECTRACK ID: 1015896 Microsoft FrontPage Server Extensions Input Validation Holes Permit Cross-Site Scripting Attacks Source: SECTRACK Type: Patch 1015896 Source: MISC Type: Exploit, Patch, Vendor Advisory http://www.argeniss.com/research/ARGENISS-ADV-040602.txt Source: CCN Type: Microsoft Security Bulletin MS06-017 Vulnerability Using Microsoft Front Page Server Extensions Could Allow Cross Site Scripting (917627) Source: BUGTRAQ Type: UNKNOWN 20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting Source: BID Type: Exploit, Patch 17452 Source: CCN Type: BID-17452 Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability Source: VUPEN Type: UNKNOWN ADV-2006-1322 Source: MS Type: UNKNOWN MS06-017 Source: XF Type: UNKNOWN fpse-html-xss(25537) Source: XF Type: UNKNOWN fpse-html-xss(25537) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1748 | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |