CVE-2008-2333

Barracuda Networks Barracuda Spam Firewall < 3.5.11.020 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Information Risk Management Plc · textremotehardware

https://www.exploit-db.com/exploits/31828

View Code ZIP pw:eip

References (8)

[Various Sources] http://www.barracudanetworks.com/ns/support/tech_alert.php

[Various Sources] http://www.irmplc.com/index.php/168-Advisory-027

[Patch] http://www.securityfocus.com/bid/29340

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/492475/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/42594

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020108

[Third Party Advisory] http://secunia.com/advisories/30362

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/1627/references

Scores

EPSS 0.0080

EPSS Percentile 73.8%

Classification

CWE

CWE-79

Status draft

Affected Products (13)

barracuda_networks/barracuda_spam_firewall < 3.5.11.020

barracuda_networks/barracuda_spam_firewall

Timeline

Published May 23, 2008

Tracked Since Feb 18, 2026