SecPod Research Team member (Prabhu S Angadi) has found Multiple Cross-Site Scripting Vulnerability in BarracudaDrive. The vulnerability is caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data.
Complete Advisory information can be found here.
Advisory in CVRF format can be found here.
Coordinated Vulnerability Disclosure - 24/02/2014 Issue Discovered - 07/03/2014 Vendor Notified - 07/03/2014 Vendor Responded - 13/03/2014 Vendor Solution - 17/03/2014 Advisory Released
Welcome any feedback or suggestions.
SecPod Research Team