PT-2010-1169 · Microsoft · Forefront Unified Access Gateway

Eyal Gruner · Published 2010-11-09 · Updated 2018-10-12 · CVE-2010-3936

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Microsoft Forefront Unified Access Gateway versions 2010 Gold, 2010 Update 1, and 2010 Update 2

Description: The issue is related to a lack of protection for the web page structure in the Signurl.asp component. This allows a remote attacker to perform cross-site scripting (XSS) attacks, which can enable the injection of arbitrary web scripts or HTML.

Recommendations: For Microsoft Forefront Unified Access Gateway versions 2010 Gold, 2010 Update 1, and 2010 Update 2, consider restricting access to the Signurl.asp component until a patch is available. As a temporary workaround, avoid using the Signurl.asp component in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS


Weakness Enumeration

Related Identifiers

BDU:2021-04412
CVE-2010-3936

Affected Products

Forefront Unified Access Gateway