Unrated severityNVD Advisory· Published Dec 19, 2008· Updated Apr 23, 2026

CVE-2008-0971

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter.

Affected products

Barracuda Networks/Barracuda Im Firewall
cpe:2.3:h:barracuda_networks:barracuda_im_firewall:*:*:*:*:*:*:*:*
Range: <=3.0.01.008
Barracuda Networks/Barracuda Load Balancer
cpe:2.3:h:barracuda_networks:barracuda_load_balancer:*:*:*:*:*:*:*:*
Range: <=2.2.006
Barracuda Networks/Barracuda Message Archiver
cpe:2.3:h:barracuda_networks:barracuda_message_archiver:*:*:*:*:*:*:*:*
Range: <=1.1.0.010
Barracuda Networks/Barracuda Spam Firewall
cpe:2.3:h:barracuda_networks:barracuda_spam_firewall:*:*:*:*:*:*:*:*
Range: <=3.5.11.020
Barracuda Networks/Barracuda Web Filter
cpe:2.3:h:barracuda_networks:barracuda_web_filter:*:*:*:*:*:*:*:*
Range: <=3.3.0.038

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/33164nvdVendor Advisory
www.barracudanetworks.com/ns/support/tech_alert.phpnvdVendor Advisory
dcsl.ul.ie/advisories/03.htmnvd
securityreason.com/securityalert/4792nvd
securitytracker.com/idnvd
www.osvdb.org/50709nvd
www.securityfocus.com/archive/1/499294/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000