Vulnerability Description
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Frontpage Server Extensions | 2002 |
| Microsoft | Sharepoint Team Services | All versions |
References
- http://secunia.com/advisories/19623PatchVendor Advisory
- http://securityreason.com/securityalert/704
- http://securitytracker.com/id?1015895Patch
- http://securitytracker.com/id?1015896Patch
- http://www.argeniss.com/research/ARGENISS-ADV-040602.txtExploitPatchVendor Advisory
- http://www.securityfocus.com/archive/1/430803/100/0/threaded
- http://www.securityfocus.com/bid/17452ExploitPatch
- http://www.vupen.com/english/advisories/2006/1322
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25537
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/19623PatchVendor Advisory
- http://securityreason.com/securityalert/704
- http://securitytracker.com/id?1015895Patch
- http://securitytracker.com/id?1015896Patch
FAQ
What is CVE-2006-0015?
CVE-2006-0015 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web sc...
How severe is CVE-2006-0015?
CVE-2006-0015 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0015?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Frontpage Server Extensions, Microsoft Sharepoint Team Services.