CVE-2010-3936 — Cross-site Scripting in Microsoft Forefront Unified Access Gateway

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

42.4%

top 2.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Forefront Unified Access Gateway

Timeline

PublishedNov 10

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/forefront_unified_access_gateway2010

🔴Vulnerability Details

GHSA

GHSA-3j5w-2wjq-63hj: Cross-site scripting (XSS) vulnerability in Signurl↗2022-05-14

▶

CVEList

CVE-2010-3936: Cross-site scripting (XSS) vulnerability in Signurl↗2010-11-10

▶