CVE-2006-0015 - OpenCVE

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Frontpage Server Extensions Sharepoint Team Services

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:frontpage_server_extensions:2002:::::::*
	cpe:2.3:a:microsoft:sharepoint_team_services::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/19623
http://securityreason.com/securityalert/704
http://securitytracker.com/id?1015895
http://securitytracker.com/id?1015896
http://www.argeniss.com/research/ARGENISS-ADV-040602.txt
http://www.securityfocus.com/archive/1/430803/100/0/threaded
http://www.securityfocus.com/bid/17452
http://www.vupen.com/english/advisories/2006/1322
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017
https://exchange.xforce.ibmcloud.com/vulnerabilities/25537
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2006-04-11T23:00:00

Updated: 2024-08-07T16:18:20.725Z

Reserved: 2005-11-09T00:00:00

Link: CVE-2006-0015

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-04-11T23:02:00.000

Modified: 2018-10-19T15:42:00.680

Link: CVE-2006-0015

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-04-11T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "fpse-html-xss(25537)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"}, {"name": "17452", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17452"}, {"name": "20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1748", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"}, {"name": "19623", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19623"}, {"name": "704", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/704"}, {"name": "1015896", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015896"}, {"name": "ADV-2006-1322", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/1322"}, {"tags": ["x_refsource_MISC"], "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"}, {"name": "1015895", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015895"}, {"name": "MS06-017", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-0015", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "fpse-html-xss(25537)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"}, {"name": "17452", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17452"}, {"name": "20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1748", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"}, {"name": "19623", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19623"}, {"name": "704", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/704"}, {"name": "1015896", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015896"}, {"name": "ADV-2006-1322", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/1322"}, {"name": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt", "refsource": "MISC", "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"}, {"name": "1015895", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015895"}, {"name": "MS06-017", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:18:20.725Z"}, "title": "CVE Program Container", "references": [{"name": "fpse-html-xss(25537)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"}, {"name": "17452", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17452"}, {"name": "20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:1748", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"}, {"name": "19623", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19623"}, {"name": "704", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/704"}, {"name": "1015896", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015896"}, {"name": "ADV-2006-1322", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/1322"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"}, {"name": "1015895", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015895"}, {"name": "MS06-017", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-0015", "datePublished": "2006-04-11T23:00:00", "dateReserved": "2005-11-09T00:00:00", "dateUpdated": "2024-08-07T16:18:20.725Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*", "matchCriteriaId": "E7E274F0-F1B8-4C3D-961B-80B92830ABF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:sharepoint_team_services:*:*:*:*:*:*:*:*", "matchCriteriaId": "83ADDF33-AC0A-43F1-8250-EC84221F02D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."}], "id": "CVE-2006-0015", "lastModified": "2018-10-19T15:42:00.680", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-04-11T23:02:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19623"}, {"source": "secure@microsoft.com", "url": "http://securityreason.com/securityalert/704"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015895"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://securitytracker.com/id?1015896"}, {"source": "secure@microsoft.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/430803/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/17452"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2006/1322"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}