Summary
This host is running BarracudaDrive and is prone to multiple XSS vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
Impact Level: Application
Solution
Upgrade to BarracudaDrive version 6.7.2 or later. For updates refer http://barracudadrive.com
Insight
Multiple flaws exist due to,
- Input passed via the 'role' parameter to 'protected/admin/roles.lsp', 'name' parameter to '/admin/user.lsp', path' parameter in '/rtl/protected/admin/wizard/setuser.lsp', 'host' parameter in '/admin/tunnelconstr.lsp', 'newpath' parameter in
'protected/admin/wfsconstr.lsp' is not properly verified before it is returned to the user.
Affected
BarracudaDrive version 6.x before 6.7.2
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-3808 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- @Mail WebMail Email Body HTML Injection Vulnerability