CVE Vulnerability

CVE-2007-5058

Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.barracudanetworks.com/ns/support/tech_alert.php
http://www.securityfocus.com/bid/25757
http://www.infobyte.com.ar/adv/ISR-15.html
http://www.securitytracker.com/id?1018733
http://secunia.com/advisories/26937
http://securityreason.com/securityalert/3164
http://osvdb.org/38156
http://www.vupen.com/english/advisories/2007/3257
https://exchange.xforce.ibmcloud.com/vulnerabilities/36716
http://www.securityfocus.com/archive/1/480238/100/0/threaded
Configurations

Configuration 1

cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*
Information

Published : 2007-09-24 10:17

Updated : 2018-10-15 09:40

NVD link : CVE-2007-5058

Mitre link : CVE-2007-5058

Products Affected
No products.
CWE
CWE-79