Summary
The host is running Santafox and is prone to Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to SantaFox version 3.01, for updates refer to http://www.santafox.ru/download.html
Insight
The flaws are caused by,
- improper validation of user-supplied input passed via the 'search' parameter to search.html, that allows attackers to execute arbitrary HTML and script code on the web server.
- Cross-site request forgery vulnerability in admin/manager_users.class.php, allows remote attackers to hijack the authentication of administrators.
Affected
SantaFox 2.02 and prior.
References
Severity
Classification
-
CVE CVE-2010-3463, CVE-2010-3464 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities