Vulnerabilities > Searchblox > Critical

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk | Score |
|---|---|---|---|---|---|---|---|---|---|
| 2023-09-06 | CVE-2020-10131 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Searchblox | SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter. | network | low | searchblox | CWE-1236 | critical | 9.8 |
| 2018-06-05 | CVE-2018-11586 | Server-Side Request Forgery (SSRF) vulnerability in Searchblox 8.6.7 | XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | network | low | searchblox | CWE-918 | critical | 9.8 |
| 2015-12-21 | CVE-2015-7919 | Permissions, Privileges, and Access Controls vulnerability in Searchblox 8.3.0 | SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. | network | low | searchblox | CWE-264 | critical | 10.0 |