OS-WINDOWS Microsoft generic javascript handler in URI XSS attempt
Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
CVSS base score 4.3 CVSS impact score 2.9 CVSS exploitability score 8.6 confidentialityImpact NONE integrityImpact PARTIAL availabilityImpact PARTIAL
CVE-2011-1897:
CVSS base score 4.3
CVSS impact score 2.9
CVSS exploitability score 8.6
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
CVE-2012-0017:
CVSS base score 4.3
CVSS impact score 2.9
CVSS exploitability score 8.6
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
CVE-2015-6099:
CVSS base score 4.3
CVSS impact score 2.9
CVSS exploitability score 8.6
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
CVE-2016-3212:
CVSS base score 6.1
CVSS impact score 2.7
CVSS exploitability score 2.8
Confidentiality Impact LOW
Integrity Impact LOW
Availability Impact NONE
CVE-2011-1897: Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
CVE-2012-0017: Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
CVE-2015-6099: Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."
CVE-2016-3212: The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
CVE-2011-1897:
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE
CVE-2012-0017:
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE
CVE-2015-6099:
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE
CVE-2016-3212:
Access Vector
Access Complexity
Authentication
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.