Details of VAR-E-201112-0114

ID

VAR-E-201112-0114

EDB ID

36475

TITLE

Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36475

DESCRIPTION

Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection.. remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 36475

AFFECTED PRODUCTS

vendor:	barracuda	model:	control center	scope:	eq	version:	620	Trust: 1.0
vendor:	barracuda	model:	networks barracuda control center	scope:	eq	version:	620	Trust: 0.3

sources: BID: 51156 // EXPLOIT-DB: 36475

EXPLOIT

source: https://www.securityfocus.com/bid/51156/info

Barracuda Control Center 620 is prone to an HTML injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

https://www.example.com/bcc/editdevices.jsp?device-type=spyware&selected-node=1&containerid=[IVE]
https://www.example.com/bcc/main.jsp?device-type=[IVE]

Trust: 1.0

sources: EXPLOIT-DB: 36475

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36475

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36475

TYPE

Cross-Site Scripting / HTML Injection

Trust: 1.0

sources: EXPLOIT-DB: 36475

CREDITS

Vulnerability-Lab

Trust: 0.6

sources: EXPLOIT-DB: 36475

EXTERNAL IDS

db:	BID	id:	51156	Trust: 1.9
db:	EXPLOIT-DB	id:	36475	Trust: 1.6
db:	EDBNET	id:	57807	Trust: 0.6

sources: BID: 51156 // EXPLOIT-DB: 36475 // EDBNET: 57807

REFERENCES

url:	https://www.securityfocus.com/bid/51156/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/36475/	Trust: 0.6
url:	http://www.barracudanetworks.com/ns/?l=en_ca	Trust: 0.3
url:	http://www.vulnerability-lab.com/get_content.php?id=32	Trust: 0.3

sources: BID: 51156 // EXPLOIT-DB: 36475 // EDBNET: 57807

SOURCES

db:	BID	id:	51156
db:	EXPLOIT-DB	id:	36475
db:	EDBNET	id:	57807

LAST UPDATE DATE

2022-07-27T09:52:20.671000+00:00

SOURCES UPDATE DATE

db:

BID

id:

51156

date:

2011-12-21T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	51156	date:	2011-12-21T00:00:00
db:	EXPLOIT-DB	id:	36475	date:	2011-12-21T00:00:00
db:	EDBNET	id:	57807	date:	2011-12-21T00:00:00