CVE-2010-2733

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

47.9%

top 2.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Forefront Unified Access Gateway

Timeline

PublishedNov 10

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/forefront_unified_access_gateway2010

🔴Vulnerability Details

GHSA

GHSA-68w3-hcjc-pxw8: Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Upd↗2022-05-14

▶

CVEList

CVE-2010-2733: Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Upd↗2010-11-10

▶

💥Exploits & PoCs

Exploit-DB

Simple PHP Blog 0.4.0 - Remote Command Execution (Metasploit)↗2010-07-25

▶