CVE-2014-4335

Name of the Vulnerable Software and Affected Versions BarracudaDrive version 6.7.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the host or password parameters to the "rtl/protected/admin/ddns/" API endpoint.

Recommendations For BarracudaDrive version 6.7.2, as a temporary workaround, consider restricting access to the "rtl/protected/admin/ddns/" API endpoint until a patch is available. Avoid using the host and password parameters in this endpoint until the issue is resolved.