CVE-2012-4739
Barracuda SSL VPN < 2.2.2.203 - Cross-Site Scripting via Multiple Parameters
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2012-4739. PoCs published by Benjamin Kunz Mejri.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Barracuda SSL VPN 680 due to improper input sanitization. The vulnerability allows arbitrary script execution in the context of the affected site via a crafted URL parameter.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.
Exploits (2)
The provided text describes a cross-site scripting (XSS) vulnerability in Barracuda SSL VPN 680 due to improper input sanitization. The vulnerability allows arbitrary script execution in the context of the affected site via a crafted URL parameter.
This exploit demonstrates a reflected XSS vulnerability in Barracuda SSL VPN 680 by injecting malicious JavaScript via the 'path' parameter in the URL. The PoC triggers an alert dialog, proving arbitrary script execution in the context of the affected site.