Lucene search

[email protected]CVE-2014-3807

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-3807

2022-10-0316:20:22

CWE-79

[email protected]

web.nvd.nist.gov

barracudadrive

xss

cve-2014-3807

web security

vulnerability

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

53.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) blog, (2) bloggeruser, or (3) bloggerpasswd parameter to private/manage/.

Affected configurations

NVD

Node

barracudadrivebarracudadriveMatch6.7.2

CPENameOperatorVersion
barracudadrive:barracudadrivebarracudadriveeq6.7.2

CPE	Name	Operator	Version
barracudadrive:barracudadrive	barracudadrive	eq	6.7.2

References

packetstormsecurity.com/files/126645/BarracudaDrive-6.7.2-Cross-Site-Scripting.html

secunia.com/advisories/58712

www.securityfocus.com/bid/67428

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for CVE-2014-3807

prion1 nvd1 cvelist1 openvas1