ID de Prueba:	1.3.6.1.4.1.25623.1.0.901158
Categoría:	Web application abuses
Título:	Santafox XSS and CSRF Vulnerabilities
Resumen:	Santafox is prone to cross-site scripting (XSS) and cross-site; request forgery (CSRF) vulnerabilities.
Descripción:	Summary: Santafox is prone to cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities. Vulnerability Insight: The flaws are caused by, - improper validation of user-supplied input passed via the 'search' parameter to search.html, that allows attackers to execute arbitrary HTML and script code on the web server. - Cross-site request forgery vulnerability in admin/manager_users.class.php, allows remote attackers to hijack the authentication of administrators. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Affected Software/OS: SantaFox 2.02 and prior. Solution: Upgrade to SantaFox version 3.01. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3463 Bugtraq: 20100915 XSS vulnerability in SantaFox search module (Google Search) http://www.securityfocus.com/archive/1/513737/100/0/threaded http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.txt http://www.htbridge.ch/advisory/xss_vulnerability_in_santafox_search_module.html http://secunia.com/advisories/41465 Common Vulnerability Exposure (CVE) ID: CVE-2010-3464 Bugtraq: 20100915 XSRF (CSRF) in SantaFox (Google Search) http://www.securityfocus.com/archive/1/513738/100/0/threaded http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.