CVE-2014-3807

Name of the Vulnerable Software and Affected Versions BarracudaDrive version 6.7.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerable parameters are blog, bloggeruser, and bloggerpasswd in the "/private/manage/" API endpoint.

Recommendations For BarracudaDrive version 6.7.2, avoid using the parameters blog, bloggeruser, and bloggerpasswd in the "/private/manage/" endpoint until the issue is resolved. Restrict access to the "/private/manage/" endpoint to minimize the risk of exploitation.