TITLE: Microsoft FrontPage Server Extensions Cross-Site Scripting SECUNIA ADVISORY ID: SA19623 VERIFY ADVISORY: http://secunia.com/advisories/19623/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote SOFTWARE: Microsoft FrontPage Server Extensions 2002 http://secunia.com/product/6314/ Microsoft SharePoint Team Services http://secunia.com/product/1529/ DESCRIPTION: A vulnerability has been reported in Microsoft FrontPage Server Extensions, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site. SOLUTION: Apply patches. FrontPage Server Extensions 2002 (Windows Server 2003 and Windows Server 2003 SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=5C03F85A-5228-47FB-A338-90FA23818E08 FrontPage Server Extensions 2002 (Windows Server 2003 for Itanium-based systems and Windows Server 2003 with SP1 for Itanium-based systems): http://www.microsoft.com/downloads/details.aspx?FamilyId=59F15A6B-CC1B-43D5-A007-BFC9ABB63486 FrontPage Server Extensions 2002 (x64 Edition) downloaded and installed on Windows Server 2003 x64 Edition and Windows XP Pro x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=F453530D-7063-49AB-B304-9C455DE6D8DA FrontPage Server Extensions 2002 (x86 Editions) downloaded and installed on Windows Server 2000 SP4, Windows XP SP1, and Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=F453530D-7063-49AB-B304-9C455DE6D8DA Microsoft SharePoint Team Services: http://www.microsoft.com/downloads/details.aspx?FamilyId=EEE40662-39E6-4C07-8241-1AC4F5D24FFC PROVIDED AND/OR DISCOVERED BY: The vendor credits Esteban Martínez Fayó. ORIGINAL ADVISORY: MS06-017 (KB917627): http://www.microsoft.com/technet/security/Bulletin/MS06-017.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------