Solution #00006524
Scope:
Barracuda SSLVPN v2.4 and earlier (resolved in v2.4)
Severity: Medium
Description:
The product versions listed above are vulnerable to a non-persistent XSS attack. The attacker can deliver the attack using a specially crafted URL. The attack will persist in the URL until the victim authenticates, at which time the payload will be executed. The payload will not execute on subsequent page loads.
For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and upgrade to the latest generally available release of the firmware and security definitions.
Credits:
Sergey Markov, David Niedermaier, Philippe Arteau, David García Muñoz, Mario Gomes, Ebrahem Hegazy
Link to this page:
https://campus.barracuda.com/solution/501600000013gx4AAA