Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to Forum/manage/ForumManager.lsp; (3) sHint, (4) sWord, or (5) nId parameter to Forum/manage/hangman.lsp; (6) user parameter to rtl/protected/admin/wizard/setuser.lsp; (7) name or (8) email parameter to feedback.lsp; (9) lname or (10) url parameter to private/manage/PageManager.lsp; (11) cmd parameter to fs; (12) newname, (13) description, (14) firstname, (15) lastname, or (16) id parameter to rtl/protected/mail/manage/list.lsp; or (17) PATH_INFO to fs/.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Barracudadrive | Barracudadrive | < 6.7 |
Related Weaknesses (CWE)
References
- http://barracudadrive.com/readme.txt (Release Notes, Vendor Advisory)
- http://packetstormsecurity.com/files/125766 (Exploit, Third Party Advisory, VDB Entry)
- http://secpod.org/advisories/SecPod_BarracudaDrive_Mult_XSS_Vuln.txt (Broken Link)
- http://secpod.org/blog/?p=2158 (Broken Link)
- http://secunia.com/advisories/57451 (Not Applicable, Third Party Advisory)
- http://www.securityfocus.com/bid/66269 (Third Party Advisory, VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91920 (VDB Entry, Vendor Advisory)
FAQ
What is CVE-2014-2526?
CVE-2014-2526 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to F...
How severe is CVE-2014-2526?
CVE-2014-2526 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-2526?
Check the references section above for vendor advisories and patch information. Affected products include: Barracudadrive Barracudadrive.