PT-2008-2575 · Barracuda+1 · Barracuda Im Firewall+5
Dr. Marian Ventuneac · Published 2008-12-19 · Updated 2018-10-15 · CVE-2008-0971
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Barracuda Spam Firewall versions prior to 3.5.12.007
Barracuda Message Archiver versions prior to 1.2.1.002
Barracuda Web Filter versions prior to 3.3.0.052
Barracuda IM Firewall versions prior to 3.1.01.017
Barracuda Load Balancer versions prior to 2.3.024
Description
The issue allows remote attackers to inject arbitrary web script or HTML (XSS) via various components and parameters. These include the Policy Name field in Search Based Retention Policy; the IP Configuration, Administration, Journal Accounts, Retention Policy, and GroupWise Sync components; and input to search operations and error messages.
Recommendations
For Barracuda Spam Firewall versions prior to 3.5.12.007, update to version 3.5.12.007 or later.
For Barracuda Message Archiver versions prior to 1.2.1.002, update to version 1.2.1.002 or later.
For Barracuda Web Filter versions prior to 3.3.0.052, update to version 3.3.0.052 or later.
For Barracuda IM Firewall versions prior to 3.1.01.017, update to version 3.1.01.017 or later.
For Barracuda Load Balancer versions prior to 2.3.024, update to version 2.3.024 or later.
Fix
XSS
Affected Products
Barracuda IM Firewall
Barracuda Load Balancer
Barracuda Message Archiver
Barracuda Spam Firewall
Barracuda Web Filter
GroupWise Sync