Barracuda Link Balancer XSS vulnerabilities

Two vulnerabilities have been reported in Barracuda Link Balancer, which can be exploited by malicious people to conduct cross-site scripting attacks, according to Secunia.

Certain input passed via the “zoneid” and “scope” parameters related to the “Authoritative DNS – DNS Zones” module is not properly sanitised before being returned to the user.

This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

The vulnerabilities are reported in Barracuda Link Balancer 330 firmware versions v1.3.2.005 and earlier.

Solution: The vendor has issued a fix.