Vulnerabilities > Searchblox

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-06	CVE-2020-10129	Improper Privilege Management vulnerability in Searchblox SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality. network low complexity searchblox CWE-269	8.8
2023-09-06	CVE-2020-10130	Authorization Bypass Through User-Controlled Key vulnerability in Searchblox SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. network low complexity searchblox CWE-639	8.8
2023-09-06	CVE-2020-10131	Improper Neutralization of Formula Elements in a CSV File vulnerability in Searchblox SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter. network low complexity searchblox CWE-1236 critical	9.8
2023-09-06	CVE-2020-10132	Cross-site Scripting vulnerability in Searchblox SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration. network low complexity searchblox CWE-79	6.1
2023-09-05	CVE-2020-10128	Cross-site Scripting vulnerability in Searchblox SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. network low complexity searchblox CWE-79	5.4
2021-05-20	CVE-2020-35580	Path Traversal vulnerability in Searchblox A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. network low complexity searchblox CWE-22	5.0
2018-06-05	CVE-2018-11586	Server-Side Request Forgery (SSRF) vulnerability in Searchblox 8.6.7 XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. network low complexity searchblox CWE-918	7.5
2018-06-01	CVE-2018-11538	Cross-Site Request Forgery (CSRF) vulnerability in Searchblox 8.6.6 servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. network searchblox CWE-352	6.8
2015-12-21	CVE-2015-7919	Permissions, Privileges, and Access Controls vulnerability in Searchblox 8.3.0 SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. network low complexity searchblox CWE-264	6.4
2015-06-18	CVE-2015-3422	Cross-site Scripting vulnerability in Searchblox Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp. network searchblox CWE-79	4.3

Vulnerabilities > Searchblox {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Searchblox"}]}

Vulnerabilities > Searchblox