Vulnerabilities > Searchblox

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-09-06 | CVE-2020-10129 | Improper Privilege Management vulnerability in Searchblox | SearchBlox before version 9.2.1 is vulnerable to privilege escalation: a lower-privileged user is able to access admin functionality. | network, low complexity, searchblox, CWE-269 | 8.8 |
| 2023-09-06 | CVE-2020-10130 | Authorization Bypass Through User-Controlled Key vulnerability in Searchblox | SearchBlox before version 9.1 is vulnerable to a business logic bypass where the user is able to create multiple super admin users in the system. | network, low complexity, searchblox, CWE-639 | 8.8 |
| 2023-09-06 | CVE-2020-10131 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Searchblox | SearchBlox before version 9.2.1 is vulnerable to CSV macro injection in the "Featured Results" parameter. | network, low complexity, searchblox, CWE-1236 | 9.8 (critical) |
| 2023-09-06 | CVE-2020-10132 | Cross-site Scripting vulnerability in Searchblox | SearchBlox before version 9.1 is vulnerable to cross-origin resource sharing misconfiguration. | network, low complexity, searchblox, CWE-79 | 6.1 |
| 2023-09-05 | CVE-2020-10128 | Cross-site Scripting vulnerability in Searchblox | SearchBlox before version 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. | network, low complexity, searchblox, CWE-79 | 5.4 |
| 2021-05-20 | CVE-2020-35580 | Path Traversal vulnerability in Searchblox | A local file inclusion vulnerability in the FileServlet in all SearchBlox versions before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. | network, low complexity, searchblox, CWE-22 | 5.0 |
| 2018-06-05 | CVE-2018-11586 | Server-Side Request Forgery (SSRF) vulnerability in Searchblox 8.6.7 | XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | network, low complexity, searchblox, CWE-918 | 7.5 |
| 2018-06-01 | CVE-2018-11538 | Cross-Site Request Forgery (CSRF) vulnerability in Searchblox 8.6.6 | servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | | 6.8 |
| 2015-12-21 | CVE-2015-7919 | Permissions, Privileges, and Access Controls vulnerability in Searchblox 8.3.0 | SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. | network, low complexity, searchblox, CWE-264 | 6.4 |
| 2015-06-18 | CVE-2015-3422 | Cross-site Scripting vulnerability in Searchblox | Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp. | network, searchblox, CWE-79 | 4.3 |