Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:searchblox:searchblox:8.3.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-10132 |
SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration. Published: September 06, 2023; 3:15:43 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2020-10131 |
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter. Published: September 06, 2023; 3:15:43 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2020-10130 |
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. Published: September 06, 2023; 3:15:43 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2020-10129 |
SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality. Published: September 06, 2023; 3:15:43 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2020-10128 |
SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript. Published: September 05, 2023; 4:15:07 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2020-35580 |
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users. Published: May 20, 2021; 12:15:07 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2015-7919 |
SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. Published: December 21, 2015; 6:59:11 AM -0500 |
V3.0: 10.0 CRITICAL V2.0: 6.4 MEDIUM |