We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information

Accept

It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Security Gateway

Forensics & Incident Response

Message Archiver

Cloud Archiving Service

Total Email Protection

CloudGen Firewall

Firewall Insights

NextGen Firewall X

Network Access Client

Web Security Gateway

Web Security Agent

Web Application Firewall

WAF Control Center

WAF-as-a-Service

Vulnerability Manager

Vulnerability Remediation Service

Active DDoS Prevention

Load Balancer ADC

Cloud Security Guardian

Reporting Server

Cloud-to-Cloud Backup

Managed Workplace

Intronis Backup

Reference / FAQ

TechSummit 2019

Barracuda Reference / FAQ

Overview Documentation

Email Security Gateway

Forensics & Incident Response

Message Archiver

Cloud Archiving Service

Total Email Protection

CloudGen Firewall

Firewall Insights

NextGen Firewall X

Network Access Client

Web Security Gateway

Web Security Agent

Web Application Firewall

WAF Control Center

WAF-as-a-Service

Vulnerability Manager

Vulnerability Remediation Service

Active DDoS Prevention

Load Balancer ADC

Cloud Security Guardian

Reporting Server

Cloud-to-Cloud Backup

Managed Workplace

Intronis Backup

Reference / FAQ

TechSummit 2019

Login Sign Up Contact & Support

United States – English (GMT-5)

Back to Knowledgebase

BNSEC-00739 Unauthenticated, persistent XSS vulnerability in the Barracuda Phone System

Type: Knowledgebase
Date changed: 5 months ago

Solution #00006582

Scope:

Fixed in Barracuda Phone System firmware 3.0.004

Severity: Medium

Description:

The firmware update listed above contains a fix for an unauthenticated non-persistent XSS in the Barracuda Phone System. Successful exploitation of the vulnerability requires that the attacker convince an authenticated administrative user to follow a specially crafted link or redirect containing the malicious code.

To ensure maximum protection Barracuda Networks recommends that all customers upgrade to the latest generally available firmware and enable all definition updates.

Credits:

Mateusz Goik

Link to this page:

https://campus.barracuda.com/solution/501600000013kOcAAI

*** Note that the Barracuda Phone System was formerly known as the Cudatel Communication Server