CVE-2008-0971

N/A Unknown
Published: December 19, 2008 Modified: April 23, 2026
View on NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://dcsl.ul.ie/advisories/03.htm
Source: cve@mitre.org
http://secunia.com/advisories/33164
Source: cve@mitre.org
Vendor Advisory
http://securityreason.com/securityalert/4792
Source: cve@mitre.org
http://securitytracker.com/id?1021454
Source: cve@mitre.org
http://www.barracudanetworks.com/ns/support/tech_alert.php
Source: cve@mitre.org
Vendor Advisory
http://www.osvdb.org/50709
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/499294/100/0/threaded
Source: cve@mitre.org
http://dcsl.ul.ie/advisories/03.htm
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/33164
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securityreason.com/securityalert/4792
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1021454
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.barracudanetworks.com/ns/support/tech_alert.php
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.osvdb.org/50709
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/499294/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108

14 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.3%
57th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Affected Vendors

barracuda_networks

Related CVEs

CVE-2026-41907 N/A
CVE-2026-41894 N/A
CVE-2026-41492 9.8
CVE-2026-41421 8.8
CVE-2026-41419 7.6