CVE-2025-8319

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugcrowd.com/disclosures/30a330ef-0885-458c-a64f-2ad63d196b4d/dom-based-cross-site-scripting-xss-with-keylogger-injection-via-the-error-parameter-in-barracuda-mail-archiver", "name": "https://bugcrowd.com/disclosures/30a330ef-0885-458c-a64f-2ad63d196b4d/dom-based-cross-site-scripting-xss-with-keylogger-injection-via-the-error-parameter-in-barracuda-mail-archiver", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking", "Mitigation"], "refsource": ""}, {"url": "https://bugcrowd.com/disclosures/30a330ef-0885-458c-a64f-2ad63d196b4d/dom-based-cross-site-scripting-xss-with-keylogger-injection-via-the-error-parameter-in-barracuda-mail-archiver", "name": "https://bugcrowd.com/disclosures/30a330ef-0885-458c-a64f-2ad63d196b4d/dom-based-cross-site-scripting-xss-with-keylogger-injection-via-the-error-parameter-in-barracuda-mail-archiver", "tags": ["Exploit", "Third Party Advisory", "Issue Tracking", "Mitigation"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page\u2019s Document Object Model via the error= URL parameter"}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-8319", "ASSIGNER": "cve-coordinator@bugcrowd.com"}}, "impact": {}, "publishedDate": "2025-07-30T00:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:barracuda:message_archiver_firmware:5.4.2.002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-06T14:05Z"}