This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.
The remote web server contains a server extension that is affected by
several cross-site scripting flaws.
The version of Microsoft FrontPage Server Extensions 2002 / SharePoint
Team Services on the remote host fails to sanitize user-supplied input
to the 'operation', 'command', and 'name' parameters of
'/_vti_bin/_vti_adm/fpadmdll.dll' before using it to generate dynamic
HTML. An attacker may be able to exploit this issue to cause arbitrary
HTML and script code to be executed by a user's browser in the context
of the affected website. If the user is an administrator, successful
exploitation will give the attacker complete control over the affected
See also :
Microsoft has released a set of patches for Frontapage 2002 for XP and
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.6
Public Exploit Available : true
Family: Windows : Microsoft Bulletins
Nessus Plugin ID: 21247 (frontpage_fpadmdll_xss.nasl)
Bugtraq ID: 17452
CVE ID: CVE-2006-0015
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.