Barracuda Web Application Firewall 7.6.4 & earlier (resolved in 7.6.4.015)
The product versions listed above contain an unresolved non-persistent XSS vulnerability. To trigger this attack an attacker must authenticate as an administrative user prior to delivering the attack. The attack provides no privilege escalation and poses no viable risk to our customers.
For maximum protection, Barracuda Networks recommends that all customers ensure that their attack and security definitions are set to On and to upgrade to the latest generally available release of the firmware and security definitions.
Link to this page: