BarracudaDrive Multiple XSS Vulnerabilities

SecPod Research Team member (Shakeel Bhat) has found Multiple Cross-Site Scripting Vulnerability in BarracudaDrive. The vulnerability is caused by improper validation of various parameter in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data.

Complete Advisory information can be found here.

Advisory in CVRF format can be found here.

Coordinated Vulnerability Disclosure
- 20/03/2014 Issue Discovered
- 25/03/2014 Vendor Notified
- 26/03/2014 Vendor Responded
- 27/03/2014 Vendor Solution
- 28/04/2014 Advisory Released

Welcome any feedback or suggestions.

Cheers!
SecPod Research Team

Subscribe For More Posts Like This

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments