BarracudaDrive Multiple XSS Vulnerabilities

SecPod Research Team member (Shakeel Bhat) has found Multiple Cross-Site Scripting Vulnerability in BarracudaDrive. The vulnerability is caused by improper validation of various parameter in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data.

Complete Advisory information can be found here.

Advisory in CVRF format can be found here.

Coordinated Vulnerability Disclosure
- 20/03/2014 Issue Discovered
- 25/03/2014 Vendor Notified
- 26/03/2014 Vendor Responded
- 27/03/2014 Vendor Solution
- 28/04/2014 Advisory Released

Welcome any feedback or suggestions.

SecPod Research Team