Unrated severityNVD Advisory· Published Aug 31, 2012· Updated Apr 29, 2026

CVE-2012-4739

Description

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.

Affected products

Barracudanetworks/Barracuda SSL VPN3 versions
cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:*:*:*:*:*:*:*:*range: <=1.7.2.004
- cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:1.2.6.004:*:*:*:*:*:*:*
- cpe:2.3:a:barracudanetworks:barracuda_ssl_vpn:1.5.0.29:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2012-08/0003.htmlnvdExploit
www.securityfocus.com/bid/54761nvdExploit
www.barracudanetworks.com/ns/support/tech_alert.phpnvdVendor Advisory
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/77365nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000