CVE-2008-0971

Published: Dec 19, 2008Modified: Apr 23, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter.

Affected (5)

Products: Barracuda Networks: Barracuda Im Firewall, Barracuda Load Balancer, Barracuda Message Archiver, Barracuda Spam Firewall, Barracuda Web Filter

Barracuda Networks

5 products

Barracuda Im Firewall

Barracuda Load Balancer

Barracuda Message Archiver

Barracuda Spam Firewall

Barracuda Web Filter

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Barracuda Networks Barracuda Im Firewall	Up to 3.0.01.008
Barracuda Networks Barracuda Load Balancer	Up to 2.2.006
Barracuda Networks Barracuda Message Archiver	Up to 1.1.0.010
Barracuda Networks Barracuda Spam Firewall	Up to 3.5.11.020
Barracuda Networks Barracuda Web Filter	Up to 3.3.0.038