Barracuda Spam and Virus Firewall v5.1.3 and earlier (resolved in v5.1.3)
The product version(s) listed above contained a non-persistent XSS vulnerability. Successful exploitation of the vulnerability requires that the attacker authenticate to the device as an administrator and specially craft an attack URL using the current login session to attack himself. This vulnerability is not exploitable in practice.
For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and upgrade to the latest generally available release of the firmware and security definitions.
Zakaria Amous (earthwave.com.au)