Barracuda Web Filter HTML Injection Vulnerability
BID:68828
Info
Barracuda Web Filter HTML Injection Vulnerability
| Bugtraq ID: | 68828 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 22 2014 12:00AM |
| Updated: | Jul 22 2014 12:00AM |
| Credit: | Benjamin Mejri of Vulnerability Labs. |
| Vulnerable: |
Barracuda Networks Web Filter 5.0.014 Barracuda Networks Web Filter 4.3.0.011 Barracuda Networks Web Filter 3.3.0.052 Barracuda Networks Web Filter 3.3.0.038 |
| Not Vulnerable: | |
Discussion
Barracuda Web Filter HTML Injection Vulnerability
Barracuda Web Filter is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.
Barracuda Web Filter 6.0.1 and prior are vulnerable.
Barracuda Web Filter is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.
Barracuda Web Filter 6.0.1 and prior are vulnerable.
References
Barracuda Web Filter HTML Injection Vulnerability
References:
References:
- Web Filter Homepage (Barracuda Networks)