Cross-Site Scripting Vulnerability in Microsoft Forefront Unified Access Gateway
CVE-2010-3936

Currently unrated

Key Information:

Vendor: Microsoft
Status: Forefront Unified Access Gateway
Vendor: CVE Published:; 10 November 2010

Summary

The vulnerability in Signurl.asp of Microsoft Forefront Unified Access Gateway (UAG) enables remote attackers to execute arbitrary web scripts or HTML code. This occurs through several unspecified vectors, which could be leveraged to perform attacks like session hijacking or redirecting users to malicious websites. Users and administrators are encouraged to apply the patch provided in the MS10-089 advisory to mitigate this security risk.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.us-cert.gov/cas/techalerts/TA10-313A.html

third-party-advisoryx_refsource_CERT

EPSS Score

42% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 10, 2010
Vulnerability Reserved
Oct 14, 2010