CVE-2006-0015

medium

Description

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748

https://exchange.xforce.ibmcloud.com/vulnerabilities/25537

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017

http://www.vupen.com/english/advisories/2006/1322

http://www.securityfocus.com/archive/1/430803/100/0/threaded

http://securitytracker.com/id?1015896

http://securitytracker.com/id?1015895

http://securityreason.com/securityalert/704

http://secunia.com/advisories/19623

Details

Source: Mitre, NVD

Published: 2006-04-11

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium