Cross-Site Scripting Vulnerability in Microsoft Forefront Threat Management Gateway and ISA Server
CVE-2009-0237

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Security And Acceleration Server; Forefront Threat Management Gateway
Vendor: CVE Published:; 15 April 2009

Summary

The vulnerability arises from improper validation in the cookieauth.dll component of the HTML forms authentication in Microsoft Forefront Threat Management Gateway and ISA Server 2006. This flaw allows remote attackers to inject malicious web scripts or HTML into authentication inputs, which can compromise the security of the affected systems and potentially expose sensitive user data. Attackers exploiting this vulnerability could take advantage of code execution possibilities to manipulate user session data, making it essential for organizations to apply the necessary patches and implement security measures to mitigate risks.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://osvdb.org/53637

vdb-entryx_refsource_OSVDB

http://www.us-cert.gov/cas/techalerts/TA09-104A.html

third-party-advisoryx_refsource_CERT

EPSS Score

41% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 15, 2009
Vulnerability Reserved
Jan 20, 2009