CVE-2006-0015

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sharepoint Team Services; Frontpage Server Extensions
Vendor: CVE Published:; 11 April 2006

Summary

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25537

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/17452

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/430803/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

12% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 11, 2006
Vulnerability Reserved
Nov 9, 2005

Collectors

NVD DatabaseMitre Database