Vendor: Barracuda Control Center
By: Unknown
CVSS: 7.5 (HIGH)
Type: HTML Injection, Cross-Site Scripting
CWE: 79, 80
Product Name: Barracuda Control Center
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CVE: CVE-2012-2997, CVE-2012-2998
CPE: a:barracudanetworks:barracuda_control_center:620
Other Scripts:
Platforms Tested:
2012

Barracuda Control Center 620 HTML Injection and Cross-Site Scripting Vulnerabilities

The Barracuda Control Center 620 is vulnerable to HTML injection and multiple cross-site scripting vulnerabilities because it does not properly sanitize user-supplied input. An attacker can exploit these flaws to inject HTML and script code that runs in the context of the affected browser. This can lead to theft of authentication credentials and lets the attacker control how the site is rendered to the user. Other attacks are also possible.

Mitigation:

It is recommended to update to a patched version of Barracuda Control Center 620.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/51156/info

Barracuda Control Center 620 is prone to an HTML injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. 

https://www.example.com/bcc/editdevices.jsp?device-type=spyware&selected-node=1&containerid=[IVE]
https://www.example.com/bcc/main.jsp?device-type=[IVE]
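
A defender-side check for the two endpoints and parameters listed above, added here as an example and not part of the original advisory: it scans web access-log request lines and flags watched parameter values that contain HTML metacharacters after percent-decoding, including double-encoded input. The combined-log line format, the character set treated as markup, and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Endpoints and parameters taken from the advisory's sample URLs.
WATCHED = {
    "/bcc/editdevices.jsp": {"containerid"},
    "/bcc/main.jsp": {"device-type"},
}
# Characters that let a value break out of HTML text or attribute context (assumed set).
MARKUP = re.compile(r"[<>\"'`]")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(path, param, decoded_value)] for watched parameters carrying markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    watched = WATCHED.get(url.path.lower())
    if not watched:
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(value)  # parse_qsl already decoded one layer
        if name.lower() in watched and MARKUP.search(decoded):
            hits.append((url.path, name, decoded))
    return hits

# Constructed sample lines in combined-log style (not taken from the advisory).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2012:10:00:00 +0000] "GET /bcc/main.jsp?device-type=spyware HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2012:10:00:05 +0000] "GET /bcc/main.jsp?device-type=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2012:10:01:00 +0000] "GET /bcc/editdevices.jsp?device-type=spyware&selected-node=1&containerid=%253Ci%253Ey HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for path, name, value in suspicious_params(line):
            print(f"ALERT {path} {name}={value!r}")
```

A hit means markup reached the parameter, not that it was reflected unescaped; confirm against the response or the installed version before treating it as exploitation.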