[This was originally published on OSVDB, now gone, and touched up slightly for style. Mirrored on attrition.org. VulnDB 20878 & 20879]
From: Jericho email@example.com
Date: Fri, 01 Jul 2005 03:37:18 -0600
Subject: Barracuda Spam Firewall Cross Site Scripting (XSS) Vulnerabilities
My ISP uses the Barracuda Networks Spam Firewall, Firmware v3.1.17 (2005-08-06 11:48:38). When editing my e-mail account preferences, I noticed that a few fields were prone to cross site scripting (XSS) attacks.
Pages – Fields:
Whitelist/Blacklist – Email Address field add_user_scana_sender_allow and add_user_scana_sender_block form fields
Quarantine Settings – Notification Address
Put the following text into the field, and it will render the script:
A second issue I noticed, my e-mail account password is stored as an encoded value in a hidden field. The password (encoded) is also used in various HREFs, causing it to be visible in the browser. This means it is transmitted without the protection of SSL encryption, a known secure standard.
Barracuda Spam Firewall
Firmware v3.1.17 (2005-08-06 11:48:38)
Subject: xxxxx Ticket-No.378972
Date: Fri, 01 Jul 2005 09:14:03 -0600
[===> Please enter your reply below this line <===]
[===> Please enter your reply above this line <===]
Your Ticket: 378972
Description: Barracuda Email Concerns/Questions
This action has been taken:
Note added: xxxxx
These notes are included:
Hi Brian –
Finally, if you do set up a password, you can login at https://barracuda.xxxxx.net which uses a self-signed certificate. This
still uses the authentication tokens in the!
URL, but as noted, they are not reusable from another location. Please
let me know if you have any other questions or concerns, and I will be
happy to pass them on to our vendor.