- Description
- Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8703B15C-48E0-4A99-8D0B-C1D48D9C699B",
"versionEndIncluding": "1.7.2.004"
},
{
"criteria": "cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:1.2.6.004:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1C6234E7-3561-4C33-998B-EADDA3A24064"
},
{
"criteria": "cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:1.5.0.29:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "95CF035D-FA8F-4991-AC1C-C61425AFA652"
}
],
"operator": "OR"
}
]
}
]