CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2010/09/17 8:0 p.m.•10 views

CVE-2010-3464

Cross-site request forgery CSRF vulnerability in admin/managerusers.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the saveadmin action to admin/index.php...

6.8CVSS7.2AI score0.00149EPSS

Prion•added 2010/09/17 8:0 p.m.•16 views

Cross site request forgery (csrf)

6.8CVSS7.7AI score0.00149EPSS

Prion•added 2010/09/17 8:0 p.m.•13 views

Cross site scripting

4.3CVSS6.3AI score0.00285EPSS

CVE•added 2010/09/17 7:0 p.m.•55 views

CVE-2010-3464

SantaFox CSRF in admin/manager_users.class.php (v2.02, possibly earlier) allows an attacker to hijack admin sessions by performing actions via admin/index.php, e.g., adding administrative users through the save_admin path. Connected OpenVAS entry also notes XSS/CSRF vectors for SantaFox. Impact i...

6.8CVSS7.4AI score0.00149EPSS

CVE•added 2010/09/17 7:0 p.m.•39 views

CVE-2010-3463

SantaFox 2.02 (and possibly earlier) is vulnerable to a Cross-site Scripting (XSS) flaw in modules/search/search.class.php, exploitable via the search parameter to search.html. The root cause is insufficient input sanitation in the search parameter, allowing remote attackers to inject arbitrary H...

4.3CVSS6AI score0.00285EPSS

Cvelist•added 2010/09/17 7:0 p.m.•13 views

CVE-2010-3463

5.8AI score0.00285EPSS

Cvelist•added 2010/09/17 7:0 p.m.•15 views

CVE-2010-3464

7.2AI score0.00149EPSS

securityvulns•added 2010/09/17 12:0 a.m.•31 views

XSRF (CSRF) in SantaFox

Vulnerability ID: HTB22594 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinsantafox.html Product: SantaFox Vendor: artprom http://www.santafox.ru/ Vulnerable Version: 2.02 and Probably Prior Versions Vendor Notification: 23 August 2010 Vulnerability Type: CSRF Cross-Site Request Forgery...

7AI score

securityvulns•added 2010/09/17 12:0 a.m.•46 views

XSS vulnerability in SantaFox search module

Vulnerability ID: HTB22593 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinsantafoxsearchmodule.html Product: SantaFox Vendor: artprom http://www.santafox.ru/ Vulnerable Version: 2.02 and Probably Prior Versions Vendor Notification: 23 August 2010 Vulnerability Type: XSS Cross Site...

0.3AI score

Packet Storm•added 2010/09/16 12:0 a.m.•15 views

SantaFox 2.02 Cross Site Request Forgery / Cross Site Scripting

======================================= Vulnerability ID: HTB22593 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinsantafoxsearchmodule.html Product: SantaFox Vendor: artprom http://www.santafox.ru/ Vulnerable Version: 2.02 and Probably Prior Versions Vendor Notification: 23 August...

Exploit DB•added 2010/09/06 12:0 a.m.•16 views

Santafox 2.0.2 - 'search' Cross-Site Scripting

source: https://www.securityfocus.com/bid/43237/info Santafox is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4AI score

exploitpack•added 2010/09/06 12:0 a.m.•9 views

Santafox 2.0.2 - search Cross-Site Scripting

Santafox 2.0.2 - search Cross-Site Scripting source: https://www.securityfocus.com/bid/43237/info Santafox is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code ...