This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.
The remote web server contains a CGI script that is affected by a
cross-site scripting vulnerability.
According to its firmware version, the remote Barracuda Spam Firewall
device fails to filter input to the 'email' parameter of the
'/cgi-bin/ldap_test.cgi' script before using it to generate dynamic
content. An unauthenticated, remote attacker may be able to leverage
this issue to inject arbitrary HTML or script code into a user's
browser to be executed within the security context of the affected
Note that Nessus has not tested for this issue but has instead
relied only on the application's self-reported firmware version.
See also :
Either configure the device to limit access to the web management
application by IP address or update to firmware release 3.5.11.025 or
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 32434 (barracuda_ldap_test_xss.nasl)
Bugtraq ID: 29340
CVE ID: CVE-2008-2333
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.