Barracuda Icon

Click for live chat

Support

A global support network of experts.
At your service.

Back to Knowledgebase

BNSEC-01052 Authenticated, non-persistent XSS, remotely exploitable vulnerability in Spam Firewall

Solution #00006606

Scope:

Fixed in Spam Firewall 6.0.2.001,5.1.3.006

Severity: Low

Description:

This vulnerability is a non-persistent XSS. Successful exploitation requires an authenticated user to manipulate his own request to deliver a script payload. The attack has not been found to result in any privilege escalation and is considered a code hygiene problem and not a vulnerability.

To ensure maximum protection Barracuda Networks recommends that all customers upgrade to the latest generally available firmware and enable all definition updates.

Credits:

hauntit blog,Vulnerability Lab,William Costa,Yogesh D Jaygadkar

Link to this page:

http://www.barracuda.com/kb?id=501600000013lYI