CVE-2012-4739

Barracuda SSL VPN <2.2.2.203 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Benjamin Kunz Mejri · textremotehardware

https://www.exploit-db.com/exploits/37513

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Benjamin Kunz Mejri · textremotehardware

https://www.exploit-db.com/exploits/37512

View Code ZIP pw:eip

References (5)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2012-08/0003.html

[Exploit] http://www.securityfocus.com/bid/54761

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/77365

[Vendor Advisory] https://www.barracudanetworks.com/ns/support/tech_alert.php

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027279

Scores

EPSS 0.0575

EPSS Percentile 90.4%

Classification

CWE

CWE-79

Status published

Affected Products (4)

barracudanetworks/barracuda_ssl_vpn < 1.7.2.004

barracudanetworks/barracuda_ssl_vpn

barracudanetworks/barracuda_ssl_vpn

n/a/n/a

Timeline

Published Aug 31, 2012

Tracked Since Feb 18, 2026