Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to Forum/manage/ForumManager.lsp; (3) sHint, (4) sWord, or (5) nId parameter to Forum/manage/hangman.lsp; (6) user parameter to rtl/protected/admin/wizard/setuser.lsp; (7) name or (8) email parameter to feedback.lsp; (9) lname or (10) url parameter to private/manage/PageManager.lsp; (11) cmd parameter to fs; (12) newname, (13) description, (14) firstname, (15) lastname, or (16) id parameter to rtl/protected/mail/manage/list.lsp; or (17) PATH_INFO to fs/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Real Time Logic BarracudaDrive 跨站脚本漏洞
Vulnerability Description
Real Time Logic BarracudaDrive是美国Real Time Logic公司的一套基于网页界面模式的文件共享软件。该软件支持文件共享、FTP权限控制等。 BarracudaDrive 6.7之前的版本中存在跨站脚本漏洞,该漏洞源于Forum/manage/ForumManager.lsp脚本没有正确过滤sForumName和sDescription参数;Forum/manage/hangman.lsp脚本没有正确过滤sHint、sWord、nId参数;rtl/protected/a
CVSS Information
N/A
Vulnerability Type
N/A