Summary
This host is running BarracudaDrive and is prone to multiple XSS vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
Impact Level: Application
Solution
No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available.
For updates, refer to http://barracudadrive.com/
Insight
Multiple flaws exist because input passed via the following parameters is not properly verified before it is given to the server for processing:
- the 'blog' parameter to 'private/manage/'
- the 'bloggeruser' parameter to 'private/manage/'
- the 'bloggerpasswd' parameter to 'private/manage/'
- the 'host' and 'password' parameters
Affected
BarracudaDrive version 6.7.2
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
Severity
Classification
- CVE: CVE-2014-3807, CVE-2014-4335
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)