Description
Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
Affected products
- Barracuda Networks / barracuda_spam_firewall3.5.11.020
- Barracuda Networks / barracuda_spam_firewall3.1.10 – 3.1.10
- Barracuda Networks / barracuda_spam_firewall3.1.16 – 3.1.16
- Barracuda Networks / barracuda_spam_firewall3.1.17 – 3.1.17
- Barracuda Networks / barracuda_spam_firewall3.1.18 – 3.1.18
- Barracuda Networks / barracuda_spam_firewall3.3.0.54 – 3.3.0.54
- Barracuda Networks / barracuda_spam_firewall3.3.01.001 – 3.3.01.001
- Barracuda Networks / barracuda_spam_firewall3.3.3 – 3.3.3
- Barracuda Networks / barracuda_spam_firewall3.3.03.053 – 3.3.03.053
- Barracuda Networks / barracuda_spam_firewall3.3.03.055 – 3.3.03.055
- Barracuda Networks / barracuda_spam_firewall3.3.15.026 – 3.3.15.026
- Barracuda Networks / barracuda_spam_firewall3.4 – 3.4
- Barracuda Networks / barracuda_spam_firewall3.4.10.102 – 3.4.10.102
References
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/1627/references
- MISChttp://www.securityfocus.com/archive/1/492475/100/0/threaded
- MISChttp://www.securityfocus.com/bid/29340
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/42594
- MISChttp://www.securitytracker.com/id?1020108
- MISChttp://www.barracudanetworks.com/ns/support/tech_alert.php
- VENDOR_ADVISORYhttp://secunia.com/advisories/30362
- MISChttp://www.irmplc.com/index.php/168-Advisory-027