CVE-2012-4739 in SSL VPN
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Reservation
08/31/2012
Disclosure
08/31/2012
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 5687 | Barracuda SSL VPN launchAgent.do cross site scripting | 79 | High | Official fix | CVE-2012-4739 |