SecPod Research Team member (Shakeel Bhat) has found Multiple Cross-Site Scripting Vulnerability in BarracudaDrive. The vulnerability is caused by improper validation of various parameter in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data.
Complete Advisory information can be found here.
Advisory in CVRF format can be found here.
Coordinated Vulnerability Disclosure - 20/03/2014 Issue Discovered - 25/03/2014 Vendor Notified - 26/03/2014 Vendor Responded - 27/03/2014 Vendor Solution - 28/04/2014 Advisory Released
Welcome any feedback or suggestions.
Cheers!
SecPod Research Team