CVE-2008-0971

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

3.5LOW

EPSS

0.3%

top 43.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Barracuda Networks Barracuda IM Firewall Barracuda Networks Barracuda Load Balancer Barracuda Networks Barracuda Message Archiver +2 more

Timeline

PublishedDec 19

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention P…

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages5 packages

▶NVDbarracuda_networks/barracuda_spam_firewall3.5.11.020

▶NVDbarracuda_networks/barracuda_message_archiver1.1.0.010

▶NVDbarracuda_networks/barracuda_im_firewall3.0.01.008

▶NVDbarracuda_networks/barracuda_web_filter3.3.0.038

▶NVDbarracuda_networks/barracuda_load_balancer2.2.006

🔴Vulnerability Details

GHSA

GHSA-j23m-2qch-pvvp: Multiple cross-site scripting (XSS) vulnerabilities in index↗2022-05-01

▶

CVEList

CVE-2008-0971: Multiple cross-site scripting (XSS) vulnerabilities in index↗2008-12-19

▶