Certain input passed via the "zoneid" and "scope" parameters related to the "Authoritative DNS - DNS Zones" module is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerabilities are reported in Barracuda Link Balancer 330 firmware versions v1.3.2.005 and earlier.
Solution: The vendor has issued a fix.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.