CVE-2009-0237

Name of the Vulnerable Software and Affected Versions Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE) (affected versions not specified) Microsoft Internet Security and Acceleration (ISA) Server versions 2006, 2006 Supportability Update, and 2006 SP1

Description A cross-site scripting (XSS) issue exists in the HTML forms authentication component. This allows remote attackers to inject arbitrary web script or HTML via authentication input.

Recommendations For Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE), at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Microsoft Internet Security and Acceleration (ISA) Server versions 2006, 2006 Supportability Update, and 2006 SP1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.