Knowledgebase

Barracuda's award-winning technical support is available 24x7 worldwide.
Your time is valuable, which is why we will always connect you with a live person.


BNSEC-00703 Authenticated, persistent XSS vulnerability in Message Archiver

Solution #00006604

Scope:

Fixed in Message Archiver 3.2.0.026

Severity: Medium

Description:

Barracuda message Archiver is vulnerable to an authenticated persistent XSS in the versions listed above. The vulnerability allows remote attackers to inject persistent malicious script via the web interface of the device. The attacker must have partial admin privileges in order to execute the attack. In practice this vulnerability may be exploitable.

To ensure maximum protection Barracuda Networks recommends that all customers upgrade to the latest generally available firmware and enable all definition updates.

Credits:

Vulnerability Lab

Link to this page:

http://www.barracuda.com/kb?id=501600000013lXe