cbcvebase.
CVE-2009-0237
published 2009-04-15

CVE-2009-0237: Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium…

PriorityP430medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
22.85%
97.4th percentile
Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability."

Affected

2 ranges
VendorProductVersion rangeFixed in
microsoftinternet_security_and_acceleration_server
microsoftinternet_security_and_acceleration_server
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.