Barracuda Web Application Firewall XSS vulnerability

Unfortunately this one is a bit late, but at the end of 2012 I came across a reflected XSS vulnerability within the Barracuda Web Application Firewall device.

This can be triggered by manipulating the ‘group_name’ URL parameter as follows: ‘Cross Site Scripting on the WAF web interface !!!!!’))

Which results in the following:

A firmware patch was released (Version 7.7) to address this issue.

I would like to thank Barracuda for their good communication and turnaround in resolving this vulnerability.

