SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in «Featured Results» parameter.