ID
VAR-201203-0478
TITLE
Barracuda Cloud Control Center Multiple cross-site scripting vulnerabilities and HTML Injection vulnerability
Trust: 0.6
DESCRIPTION
Barracuda Cloud Control Center is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker could leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Barracuda Cloud Control Center 3.0.04.015 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | barracuda | model: | networks barracuda control center | scope: | eq | version: | 3.0.04.015 | Trust: 0.3 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 52795 | Trust: 0.9 |
| db: | CNNVD | id: | CNNVD-201203-568 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/bid/52795 | Trust: 0.6 |
| url: | http://blog.barracuda.com/pmblog/index.php/tag/barracuda-control-center/ | Trust: 0.3 |
CREDITS
Benjamin Kunz Mejri
Trust: 0.9
SOURCES
| db: | BID | id: | 52795 |
| db: | CNNVD | id: | CNNVD-201203-568 |
LAST UPDATE DATE
2022-05-17T02:02:38.509000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 52795 | date: | 2015-03-19T08:45:00 |
| db: | CNNVD | id: | CNNVD-201203-568 | date: | 2012-04-01T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 52795 | date: | 2012-03-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-201203-568 | date: | 2012-03-29T00:00:00 |