{"api_version":"1","generated_at":"2026-04-21T17:38:59+00:00","cve":"CVE-2007-5058","urls":{"html":"https://cve.report/CVE-2007-5058","api":"https://cve.report/api/cve/CVE-2007-5058.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-5058","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-5058"},"summary":{"title":"CVE-2007-5058","description":"Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2007-09-24 22:17:00","updated_at":"2018-10-15 21:40:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.infobyte.com.ar/adv/ISR-15.html","name":"http://www.infobyte.com.ar/adv/ISR-15.html","refsource":"MISC","tags":[],"title":"ISR, Infobyte Security Research","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://osvdb.org/38156","name":"38156","refsource":"OSVDB","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2007/3257","name":"ADV-2007-3257","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/480238/100/0/threaded","name":"20070921 [ISR] - Barracuda Spam Firewall. Cross-Site Scripting","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/25757","name":"25757","refsource":"BID","tags":[],"title":"Barracuda Spam Firewall Web Administration Console Username HTML Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://securityreason.com/securityalert/3164","name":"3164","refsource":"SREASON","tags":[],"title":"Barracuda Spam Firewall. Cross-Site Scripting - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018733","name":"1018733","refsource":"SECTRACK","tags":[],"title":"Barracuda Spam Firewall Input Validation Hole in 'Monitor Web Syslog' Page Permits Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/26937","name":"26937","refsource":"SECUNIA","tags":[],"title":"Barracuda Spam Firewall \"Monitor Web Syslog\" Script Insertion - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/36716","name":"barracuda-webadmin-xss(36716)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.barracudanetworks.com/ns/support/tech_alert.php","name":"http://www.barracudanetworks.com/ns/support/tech_alert.php","refsource":"CONFIRM","tags":[],"title":"Error 404 (Not Found) |\n\t\t Barracuda Networks","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-5058","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-5058","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"5058","vulnerable":"1","versionEndIncluding":"3.4.10.102","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"barracuda_networks","cpe5":"barracuda_spam_firewall","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-5058","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20070921 [ISR] - Barracuda Spam Firewall. Cross-Site Scripting","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/480238/100/0/threaded"},{"name":"ADV-2007-3257","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/3257"},{"name":"barracuda-webadmin-xss(36716)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/36716"},{"name":"3164","refsource":"SREASON","url":"http://securityreason.com/securityalert/3164"},{"name":"38156","refsource":"OSVDB","url":"http://osvdb.org/38156"},{"name":"http://www.barracudanetworks.com/ns/support/tech_alert.php","refsource":"CONFIRM","url":"http://www.barracudanetworks.com/ns/support/tech_alert.php"},{"name":"26937","refsource":"SECUNIA","url":"http://secunia.com/advisories/26937"},{"name":"http://www.infobyte.com.ar/adv/ISR-15.html","refsource":"MISC","url":"http://www.infobyte.com.ar/adv/ISR-15.html"},{"name":"25757","refsource":"BID","url":"http://www.securityfocus.com/bid/25757"},{"name":"1018733","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018733"}]}},"nvd":{"publishedDate":"2007-09-24 22:17:00","lastModifiedDate":"2018-10-15 21:40:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*","versionEndIncluding":"3.4.10.102","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"5058","Ordinal":"27744","Title":"CVE-2007-5058","CVE":"CVE-2007-5058","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"5058","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open.","Type":"Description","Title":null},{"CveYear":"2007","CveId":"5058","Ordinal":"2","NoteData":"2007-09-24","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"5058","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}