Santafox: Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in modules/search/search.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the search parameter to search.html.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-09-17
Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php.
CVSS Score
6.8
EPSS Score
0.001
Published
2010-09-17