Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) role parameter to roles.lsp, (2) name parameter to user.lsp, (3) path parameter to wizard/setuser.lsp, (4) host parameter to tunnelconstr.lsp, or (5) newpath parameter to wfsconstr.lsp in rtl/protected/admin/.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-05-21T14:00:00
Updated: 2015-05-04T16:57:01
Reserved: 2014-05-21T00:00:00
Link: CVE-2014-3808
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-05-21T14:55:06.757
Modified: 2021-05-26T17:30:28.270
Link: CVE-2014-3808
JSON object: View
Redhat Information
No data.
CWE