Fixed in Spam Firewall 6.0.2.001,5.1.3.006
This vulnerability is a non-persistent XSS. Successful exploitation requires an authenticated user to manipulate his own request to deliver a script payload. The attack has not been found to result in any privilege escalation and is considered a code hygiene problem and not a vulnerability.
To ensure maximum protection Barracuda Networks recommends that all customers upgrade to the latest generally available firmware and enable all definition updates.
hauntit blog,Vulnerability Lab,William Costa,Yogesh D Jaygadkar