CVE-2025-8319

MEDIUM6.1JSON export Create alert

Description

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

Barracuda / Barracuda Message Archiver5.4.2.002 – 5.4.2.002

References

MISChttps://bugcrowd.com/disclosures/30a330ef-0885-458c-a64f-2ad63d196b4d/dom-based-cross-site-scripting-xss-with-keylogger-injection-via-the-error-parameter-in-barracuda-mail-archiver