Home

Description

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter

PUBLISHED Reserved 2025-07-29 | Published 2025-07-29 | Updated 2025-07-30 | Assigner Bugcrowd

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation

Product status

Default status
unaffected

5.4.2.002 (semver) before 5.4.2.002
affected

References

bugcrowd.com/...e-error-parameter-in-barracuda-mail-archiver exploit

bugcrowd.com/...e-error-parameter-in-barracuda-mail-archiver

cve.org (CVE-2025-8319)

nvd.nist.gov (CVE-2025-8319)

Download JSON