{"api_version":"1","generated_at":"2026-04-23T23:09:08+00:00","cve":"CVE-2006-0015","urls":{"html":"https://cve.report/CVE-2006-0015","api":"https://cve.report/api/cve/CVE-2006-0015.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-0015","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-0015"},"summary":{"title":"CVE-2006-0015","description":"Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.","state":"PUBLISHED","assigner":"microsoft","published_at":"2006-04-11 23:02:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securityfocus.com/bid/17452","name":"http://www.securityfocus.com/bid/17452","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://securityreason.com/securityalert/704","name":"http://securityreason.com/securityalert/704","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1015895","name":"http://securitytracker.com/id?1015895","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Microsoft SharePoint Team Services Input Validation Holes Permit Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://secunia.com/advisories/19623","name":"http://secunia.com/advisories/19623","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Microsoft FrontPage Server Extensions Cross-Site Scripting - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS06-017 - Moderate | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/1322","name":"http://www.vupen.com/english/advisories/2006/1322","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1015896","name":"http://securitytracker.com/id?1015896","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"SecurityTracker.com Archives - Microsoft FrontPage Server Extensions Input Validation Holes Permit Cross-Site Scripting Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.argeniss.com/research/ARGENISS-ADV-040602.txt","name":"http://www.argeniss.com/research/ARGENISS-ADV-040602.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"404 - Not Found","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25537","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25537","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/430803/100/0/threaded","name":"http://www.securityfocus.com/archive/1/430803/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-0015","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-0015","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"15","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"frontpage_server_extensions","cpe6":"2002","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"15","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"sharepoint_team_services","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2006","cve_id":"15","cve":"CVE-2006-0015","epss":"0.335590000","percentile":"0.969450000","score_date":"2026-04-19","updated_at":"2026-04-20 00:11:20"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T16:18:20.725Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"fpse-html-xss(25537)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"},{"name":"17452","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/17452"},{"name":"20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/430803/100/0/threaded"},{"name":"oval:org.mitre.oval:def:1748","tags":["vdb-entry","signature","x_refsource_OVAL","x_transferred"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"},{"name":"19623","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/19623"},{"name":"704","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/704"},{"name":"1015896","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1015896"},{"name":"ADV-2006-1322","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/1322"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"},{"name":"1015895","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1015895"},{"name":"MS06-017","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-04-11T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-19T14:57:01.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"name":"fpse-html-xss(25537)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"},{"name":"17452","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/17452"},{"name":"20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/430803/100/0/threaded"},{"name":"oval:org.mitre.oval:def:1748","tags":["vdb-entry","signature","x_refsource_OVAL"],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"},{"name":"19623","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/19623"},{"name":"704","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/704"},{"name":"1015896","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1015896"},{"name":"ADV-2006-1322","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/1322"},{"tags":["x_refsource_MISC"],"url":"http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"},{"name":"1015895","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1015895"},{"name":"MS06-017","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2006-0015","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"fpse-html-xss(25537)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25537"},{"name":"17452","refsource":"BID","url":"http://www.securityfocus.com/bid/17452"},{"name":"20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/430803/100/0/threaded"},{"name":"oval:org.mitre.oval:def:1748","refsource":"OVAL","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1748"},{"name":"19623","refsource":"SECUNIA","url":"http://secunia.com/advisories/19623"},{"name":"704","refsource":"SREASON","url":"http://securityreason.com/securityalert/704"},{"name":"1015896","refsource":"SECTRACK","url":"http://securitytracker.com/id?1015896"},{"name":"ADV-2006-1322","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/1322"},{"name":"http://www.argeniss.com/research/ARGENISS-ADV-040602.txt","refsource":"MISC","url":"http://www.argeniss.com/research/ARGENISS-ADV-040602.txt"},{"name":"1015895","refsource":"SECTRACK","url":"http://securitytracker.com/id?1015895"},{"name":"MS06-017","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-017"}]}}}},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2006-0015","datePublished":"2006-04-11T23:00:00.000Z","dateReserved":"2005-11-09T00:00:00.000Z","dateUpdated":"2024-08-07T16:18:20.725Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-04-11 23:02:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*","matchCriteriaId":"E7E274F0-F1B8-4C3D-961B-80B92830ABF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:sharepoint_team_services:*:*:*:*:*:*:*:*","matchCriteriaId":"83ADDF33-AC0A-43F1-8250-EC84221F02D6"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"15","Ordinal":"1","Title":"CVE-2006-0015","CVE":"CVE-2006-0015","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"15","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.","Type":"Description","Title":"CVE-2006-0015"},{"CveYear":"2006","CveId":"15","Ordinal":"2","NoteData":"2006-04-11","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"15","Ordinal":"3","NoteData":"2018-10-19","Type":"Other","Title":"Modified"}]}}}