Searchblox Searchblox
17 CVEs affecting Searchblox Searchblox. Latest disclosed: 2023-09-06. Critical: 3, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-7919 | Critical | 10.0 | 2015-12-21 | SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecifie… |
CVE-2020-10131 | Critical | 9.8 | 2023-09-06 | SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter. |
CVE-2018-11586 | Critical | 9.8 | 2018-06-05 | XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-si… |
CVE-2020-10130 | High | 8.8 | 2023-09-06 | SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. |
CVE-2020-10129 | High | 8.8 | 2023-09-06 | SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality. |
CVE-2018-11538 | High | 8.8 | 2018-06-01 | servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. |
CVE-2015-0970 | High | 8.8 | 2015-04-18 | Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users. |
CVE-2020-35580 | High | 7.5 | 2021-05-20 | A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the op… |
CVE-2020-10132 | Medium | 6.1 | 2023-09-06 | SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration. |
CVE-2020-10128 | Medium | 5.4 | 2023-09-05 | SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple pa… |
CVE-2015-3422 | | 2015-06-18 | Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to a… | |
CVE-2015-0969 | | 2015-04-18 | SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. | |
CVE-2015-0968 | | 2015-04-18 | Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file… | |
CVE-2015-0967 | | 2015-04-18 | Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search f… | |
CVE-2013-3598 | | 2013-08-28 | Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a… | |
CVE-2013-3597 | | 2013-08-28 | servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. | |
CVE-2013-3590 | | 2013-08-28 | Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploadin… |