3.5
CVE-2008-0971
- EPSS 0.34%
- Published 19.12.2008 17:30:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter.
Data is provided by the National Vulnerability Database (NVD)
Barracuda Networks ≫ Barracuda Im Firewall Version <= 3.0.01.008
Barracuda Networks ≫ Barracuda Load Balancer Version <= 2.2.006
Barracuda Networks ≫ Barracuda Message Archiver Version <= 1.1.0.010
Barracuda Networks ≫ Barracuda Spam Firewall Version <= 3.5.11.020
Barracuda Networks ≫ Barracuda Web Filter Version <= 3.3.0.038
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.557 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.