CVE-2008-2333: XSS
First published: Fri May 23 2008(Updated: )
Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Barracuda Spam Firewall | =3.4.10.102 | |
| Barracuda Spam Firewall | =3.3.01.001 | |
| Barracuda Spam Firewall | =3.3.15.026 | |
| Barracuda Spam Firewall | =3.1.18 | |
| Barracuda Spam Firewall | =3.3.0.54 | |
| Barracuda Spam Firewall | =3.4 | |
| Barracuda Spam Firewall | =3.1.16 | |
| Barracuda Spam Firewall | =3.3.03.055 | |
| Barracuda Spam Firewall | <=3.5.11.020 | |
| Barracuda Spam Firewall | =3.3.03.053 | |
| Barracuda Spam Firewall | =3.1.17 | |
| Barracuda Spam Firewall | =3.3.3 | |
| Barracuda Spam Firewall | =3.1.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.barracudanetworks.com/ns/support/tech_alert.php
- http://www.securityfocus.com/bid/29340
- http://www.securitytracker.com/id?1020108
- http://www.vupen.com/english/advisories/2008/1627/references
- http://www.irmplc.com/index.php/168-Advisory-027
- http://secunia.com/advisories/30362
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42594
- http://www.securityfocus.com/archive/1/492475/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-2333?
The severity of CVE-2008-2333 is classified as a medium-risk cross-site scripting vulnerability.
How do I fix CVE-2008-2333?
To fix CVE-2008-2333, you should upgrade to Barracuda Spam Firewall version 3.5.11.025 or later.
Which versions of Barracuda Spam Firewall are affected by CVE-2008-2333?
Versions of Barracuda Spam Firewall prior to 3.5.11.025, including 3.1.x, 3.3.x, and 3.4.x, are affected by CVE-2008-2333.
What kind of attack is CVE-2008-2333 vulnerable to?
CVE-2008-2333 is vulnerable to cross-site scripting (XSS) attacks, allowing remote attackers to inject arbitrary web scripts or HTML.
What is the email parameter in CVE-2008-2333?
The email parameter in CVE-2008-2333 is a vulnerable input field in ldap_test.cgi that can be exploited for XSS.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/weakness
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/barracuda networks
- canonical/barracuda spam firewall
- version/barracuda spam firewall/3.4.10.102
- version/barracuda spam firewall/3.3.01.001
- version/barracuda spam firewall/3.3.15.026
- version/barracuda spam firewall/3.1.18
- version/barracuda spam firewall/3.3.0.54
- version/barracuda spam firewall/3.4
- version/barracuda spam firewall/3.1.16
- version/barracuda spam firewall/3.3.03.055
- version/barracuda spam firewall/3.5.11.020
- version/barracuda spam firewall/3.3.03.053
- version/barracuda spam firewall/3.1.17
- version/barracuda spam firewall/3.3.3
- version/barracuda spam firewall/3.1.10