Cross site scripting

2012-08-3120:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.

CPENameOperatorVersion
barracuda_ssl_vpneq1.2.6.004
barracuda_ssl_vpnle1.7.2.004
barracuda_ssl_vpneq1.5.0.29

Name	Operator	Version
barracuda_ssl_vpn	eq	1.2.6.004
barracuda_ssl_vpn	le	1.7.2.004
barracuda_ssl_vpn	eq	1.5.0.29

References

archives.neohapsis.com/archives/bugtraq/2012-08/0003.html

www.securityfocus.com/bid/54761

www.securitytracker.com/id?1027279

exchange.xforce.ibmcloud.com/vulnerabilities/77365

www.barracudanetworks.com/ns/support/tech_alert.php