It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Help Center / Reference

BNSEC-00278: Unauthenticated non-persistent XSS in Barracuda SSL VPN v2.2.2

  • Type: Knowledgebase
  • Date changed: 2 years ago

Solution #00006583


Barracuda SSL VPN 2.2.2 and earlier (resolved in

Severity: Medium


The Barracuda SSL VPN in the above mentioned versions is vulnerable to a non-persistent XSS attack. Successful exploitation of the vulnerability requires that the attacker convince an authenticated administrative user to follow a specially crafted link or redirect containing the malicious code. If successfully delivered the attacker may be able to gain credentials or access to the device. 

For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions.


Benjamin Mejri of Vulnerability Laboratory

Link to this page: