Vulnerabilities > Searchblox
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-18 | CVE-2015-0970 | Cross-Site Request Forgery (CSRF) vulnerability in Searchblox Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2015-04-18 | CVE-2015-0969 | Information Exposure vulnerability in Searchblox SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. | 5.0 |
| 2015-04-18 | CVE-2015-0968 | Unspecified vulnerability in Searchblox Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590. | 7.5 |
| 2015-04-18 | CVE-2015-0967 | Cross-site Scripting vulnerability in Searchblox Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp. | 4.3 |
| 2013-08-28 | CVE-2013-3598 | Path Traversal vulnerability in Searchblox Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. | 5.0 |
| 2013-08-28 | CVE-2013-3597 | Information Exposure vulnerability in Searchblox servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. | 5.0 |
| 2013-08-28 | CVE-2013-3590 | Remote Command Injection vulnerability in SearchBlox Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file. network searchblox | 6.8 |