EIP-2026-101551

PRE-CVE

Barracuda Message Archiver 650 - Persistent Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101551. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This document details a persistent XSS vulnerability in Barracuda Message Archiver 650 v3.1.0.914, where the `domain_list_table-r0` parameter fails to sanitize user input, allowing script injection. The advisory includes technical details, PoC request examples, and mitigation steps.

Description

Barracuda Message Archiver 650 - Persistent Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappshardware

https://www.exploit-db.com/exploits/31765

View Code ZIP pw:eip

This document details a persistent XSS vulnerability in Barracuda Message Archiver 650 v3.1.0.914, where the `domain_list_table-r0` parameter fails to sanitize user input, allowing script injection. The advisory includes technical details, PoC request examples, and mitigation steps.

Classification

Writeup 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Barracuda Message Archiver 650 v3.1.0.914

Auth required

Prerequisites: Low-privileged application user account · Access to the vulnerable module

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026