Client Side XSS (Users how use ISA as proxy)
http://www.cisco.com Cross Site Scripting ,Web Site Spoofing agenst ISA Proxy,by Brett Moore
Microsoft ISA Server XSS Cross Site Scripting ,Script injection agenst ISA Proxy,by infoHacking
Email XSS
http://www.microsoft.com ,
http://www.microsoft.com , by Malware -true status and a false destination
Server Side XSS (sites that use ISA as firewall)
dr.dk , Server Side XSS, by Thor Larholm
my Version

Impact
Stealing cookies from any ISA-protected site,
cross-site scripting to any ISA-protected site,
hijacking Hotmail and Passport accounts,
elevating priveleges through ActiveX components,
hijacking the MSN Messenger client, etc.

Enter the domain name to your IIS server to see the cookies: