HTTP: FrontPage Server Extensions XSS
This signature detects HTTP POST requests to a Microsoft FrontPage Server containing script elements. A successful attack can lead to information disclosure or execution of arbitrary code.
Extended Description
Microsoft FrontPage Server Extensions are prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before it is rendered to other users. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user, with the privileges of the victim users account. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Affected Products
Microsoft windows_xp_home
References
BugTraq: 17452
CVE: CVE-2006-0015
URL: http://msdn.microsoft.com/library/?url=/library/en-us/dnservext02/fpse2002ovrw.asp
Short Name
HTTP:XSS:FRONTPAGE-EXT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2006-0015 Extensions FrontPage Server XSS bid:17452
Release Date
04/11/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3724
False Positive
Unknown
Vendors
Microsoft
CVSS Score
6.8