XSS in Searchblox

CVE-2015-0967

Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result f…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.013 (66.6th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References

  • cret@cert.org (US Government Resource, x_refsource_CERT-VN, Third Party Advisory, third-party-advisory)