4.3
CVE-2007-5058
- EPSS 1.57%
- Veröffentlicht 24.09.2007 22:17:00
- Zuletzt bearbeitet 16.06.2026 22:45:22
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Barracuda Networks ≫ Barracuda Spam Firewall Version <= 3.4.10.102
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.57% | 0.721 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://osvdb.org/38156
http://secunia.com/advisories/26937
http://securityreason.com/securityalert/3164
http://www.barracudanetworks.com/ns/support/tech_alert.php
http://www.infobyte.com.ar/adv/ISR-15.html
http://www.securityfocus.com/archive/1/480238/100/0/threaded
http://www.securityfocus.com/bid/25757
http://www.securitytracker.com/id?1018733
http://www.vupen.com/english/advisories/2007/3257
https://exchange.xforce.ibmcloud.com/vulnerabilities/36716