VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published May 21, 2014· Updated May 6, 2026

CVE-2014-3808

CVE-2014-3808

Description

Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) role parameter to roles.lsp, (2) name parameter to user.lsp, (3) path parameter to wizard/setuser.lsp, (4) host parameter to tunnelconstr.lsp, or (5) newpath parameter to wfsconstr.lsp in rtl/protected/admin/.

Affected products

9
  • Barracudadrive/Barracudadrive8 versions
    cpe:2.3:a:barracudadrive:barracudadrive:*:*:*:*:*:*:*:*+ 7 more
    • cpe:2.3:a:barracudadrive:barracudadrive:*:*:*:*:*:*:*:*range: <=6.7.1
    • cpe:2.3:a:barracudadrive:barracudadrive:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:barracudadrive:barracudadrive:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:barracudadrive:barracudadrive:6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:barracudadrive:barracudadrive:6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:barracudadrive:barracudadrive:6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:barracudadrive:barracudadrive:6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:barracudadrive:barracudadrive:6.7:*:*:*:*:*:*:*
  • Realtimelogic/Barracudadrive
    cpe:2.3:a:realtimelogic:barracudadrive:6.5:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.