Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-0015

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.

Published

2006-04-11T23:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	frontpage_server_extensions	2002	Yes
Application	microsoft	sharepoint_team_services	*	Yes

References

http://secunia.com/advisories/19623 Patch, Vendor Advisory ([email protected])
http://securityreason.com/securityalert/704 ([email protected])
http://securitytracker.com/id?1015895 Patch ([email protected])
http://securitytracker.com/id?1015896 Patch ([email protected])
http://www.argeniss.com/research/ARGENISS-ADV-040602.txt Exploit, Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/430803/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/17452 Exploit, Patch ([email protected])
http://www.vupen.com/english/advisories/2006/1322 ([email protected])
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/25537 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748 ([email protected])
http://secunia.com/advisories/19623 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/704 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015895 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015896 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.argeniss.com/research/ARGENISS-ADV-040602.txt Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/430803/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/17452 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/1322 (af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/25537 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748 (af854a3a-2127-422b-91ae-364da2661108)