CVE-2009-0237 — Cross-site Scripting in Microsoft Internet Security AND Acceleration Server

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

41.9%

top 2.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Security AND Acceleration Server

Timeline

PublishedApr 15

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/internet_security_and_acceleration_server2004, 2006+1

🔴Vulnerability Details

GHSA

GHSA-xxfx-h76g-4vhr: Cross-site scripting (XSS) vulnerability in cookieauth↗2022-05-02

▶

CVEList

CVE-2009-0237: Cross-site scripting (XSS) vulnerability in cookieauth↗2009-04-15

▶