Description
Multiple vulnerabilities have been discovered in BarracudaDrive, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed via the "blog", "bloggeruser", and "bloggerpasswd" POST parameters to private/manage/ (when "IsPublic" is set to "true", "ShowLogin" is set to "on", "theme" is set to "BarracudaDriveb", "blog" is set to "Blog", "fblink" is set to "Add+a+comment", and "GoogleAnalytics", "msgrsskey", and "fbkey" are set) is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
The vulnerabilities are confirmed in version 6.7.2. Other versions may also be affected.
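
The flaw class described above, shown from the defender's side as an added example that is not BarracudaDrive's code or part of the advisory. The three parameter names come from the advisory; the form markup, function names and sample input are hypothetical. The example re-renders a settings form from POST values with and without HTML encoding and counts the tags that result.

```javascript
// Added example: not BarracudaDrive code. Field names are from the advisory;
// the form markup and function names are hypothetical.
const REFLECTED_FIELDS = ["blog", "bloggeruser", "bloggerpasswd"];

// Encode the five characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Re-render the settings form from submitted POST values.
// encode=false reproduces the flaw class described above (raw reflection).
function renderSettingsForm(post, encode) {
  return REFLECTED_FIELDS.map((name) => {
    const raw = post[name] === undefined ? "" : post[name];
    const value = encode ? escapeHtml(raw) : String(raw);
    const type = name === "bloggerpasswd" ? "password" : "text";
    return `<input type="${type}" name="${name}" value="${value}">`;
  }).join("\n");
}

// Review check: count opening tags in the rendered output.
// A safe render has exactly one tag per reflected field.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Constructed sample input: a harmless marker that closes the attribute.
const samplePost = {
  blog: 'Blog"><i>marker</i>',
  bloggeruser: "alice",
  bloggerpasswd: "p&ss'word",
};

const unsafeHtml = renderSettingsForm(samplePost, false);
const safeHtml = renderSettingsForm(samplePost, true);
console.log("tags without encoding:", countTags(unsafeHtml));
console.log("tags with encoding:   ", countTags(safeHtml));
```

A tag count higher than the number of reflected fields means a submitted value broke out of its `value` attribute; the same check can run as a regression test against any template that echoes these parameters.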