Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data.

Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user.