Family: Windows : Microsoft Bulletins --> Category: infos
FrontPage fpadmdll.dll Cross-Site Scripting Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks version of FrontPage's fpadmdll.dll
Detailed Explanation for this Vulnerability Test
The remote web server contains a server extension that is affected by
several cross-site scripting flaws.
The version of Microsoft FrontPage Server Extensions 2002 / SharePoint
Team Services on the remote host fails to sanitize user-supplied input
to the 'operation', 'command', and 'name' parameters of
'/_vti_bin/_vti_adm/fpadmdll.dll' before using it to generate dynamic
HTML. A possible hacker may be able to exploit this issue to cause
arbitrary HTML and script code to be executed by a user's browser in
the context of the affected web site. If the user is an
administrator, successful exploitation will give the attacker complete
control over the affected application.
Microsoft has released a set of patches for Frontapage 2002 for XP and
High / CVSS Base Score : 7.0
Click HERE for more information and discussions on this network vulnerability scan.