Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2333

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.8%

top 25.95%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Barracuda Networks Barracuda Spam Firewall

Timeline

PublishedMay 23

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDbarracuda_networks/barracuda_spam_firewall3.5.11.020+12

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-3f86-x5fq-f2xm: Cross-site scripting (XSS) vulnerability in ldap_test↗2022-05-01

▶

CVEList

CVE-2008-2333: Cross-site scripting (XSS) vulnerability in ldap_test↗2008-05-23

▶

💥Exploits & PoCs

Exploit-DB

Barracuda Spam Firewall 3.5.11 - 'ldap_test.cgi' Cross-Site Scripting↗2008-05-22

▶