It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Help Center / Reference

BNSEC-00246 XSS-NP, Auth vulnerability in multiple products

  • Type: Knowledgebase
  • Date changed: 2 years ago

Solution #00006520

Scope:

Fixed in Spam Firewall 6.0.0
Fixed in Message Archiver 3.0.0.008
Fixed in Link Balancer 2.5.0.027

Severity: Low

Description:

The product versions listed above contain a non-persistent XSS vulnerability. To trigger this attack an attacker must authenticate as an administrative user prior to delivering the attack. The attack provides no privilege escalation.

To ensure maximum protection Barracuda Networks recommends that all customers upgrade to the latest generally available firmware and enable all definition updates.

Credits:

Adi Volkovitz,Ashish Kamble,Ashkan Jahanbakhsh,David Niedermaier,Ebrahim Hegazy,John Carroll,Jon of Bitquark,Mohammed Abdelkader,Nitin Goplani,Phil Purviance,w4rri0r,Zakaria Amous

Link to this page:

https://campus.barracuda.com/solution/501600000013gvcAAA