CVE-2014-2526: BarracudaDrive Multiple XSS Vulnerabilities

SecPod Research Team member (Prabhu S Angadi) has found Multiple Cross-Site Scripting Vulnerability in BarracudaDrive. The vulnerability is caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data.

Complete Advisory information can be found here.

Advisory in CVRF format can be found here.

Coordinated Vulnerability Disclosure
- 24/02/2014 Issue Discovered
- 07/03/2014 Vendor Notified
- 07/03/2014 Vendor Responded
- 13/03/2014 Vendor Solution
- 17/03/2014 Advisory Released

Welcome any feedback or suggestions.

SecPod Research Team