Barracuda Networks: >> Barracuda Spam Firewall >> 3.1.10 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda Spam Firewall (BSF) before 3.5.11.025 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVSS Score
4.3
EPSS Score
0.007
Published
2008-05-23
Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam.
CVSS Score
7.5
EPSS Score
0.005
Published
2005-05-02