CVE-2009-0237

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Security And Acceleration Server; Forefront Threat Management Gateway
Vendor: CVE Published:; 15 April 2009

Summary

Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability."

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://osvdb.org/53637

vdb-entryx_refsource_OSVDB

http://www.us-cert.gov/cas/techalerts/TA09-104A.html

third-party-advisoryx_refsource_CERT

EPSS Score

83% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 15, 2009
Vulnerability Reserved
Jan 20, 2009

Collectors

NVD DatabaseMitre Database