VULHUB ™

When Microsoft ISA Server cannot retrieve a web document, it returns an error webpage containing the URL that was requested. It is possible for attackers to construct urls that will cause scripting code to be embedded in the error page. Microsoft ISA Server fails to check the URL for the presence of script commands when generating the error page, allowing the attacker-supplied code to execute within the context of a trusted web site.

When Microsoft ISA Server cannot retrieve a web document, it returns an error webpage containing the URL that was requested. It is possible for attackers to construct urls that will cause scripting code to be embedded in the error page. Microsoft ISA Server fails to check the URL for the presence of script commands when generating the error page, allowing the attacker-supplied code to execute within the context of a trusted web site.