Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0015 — Cross-site Scripting in Microsoft Frontpage Server Extensions

5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

33.6%

top 3.06%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Frontpage Server Extensions

Timeline

PublishedApr 11

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/frontpage2002

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-78hp-864j-39pv: Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll↗2022-05-01

▶

CVEList

CVE-2006-0015: Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll↗2006-04-11

▶

💥Exploits & PoCs

Exploit-DB

Microsoft FrontPage - Server Extensions Cross-Site Scripting↗2006-04-11

▶

💬Community

Bugzilla

CVE-2006-2440 ImageMagick heap overflow↗2006-05-18

▶