Vulnerabilities > Searchblox > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2023-09-06 | CVE-2020-10129 | Improper Privilege Management vulnerability in Searchblox | SearchBlox before Version 9.2.1 is vulnerable to privilege escalation: a lower-privileged user is able to access Admin functionality. | network, low complexity, searchblox, CWE-269 | 8.8 |
| 2023-09-06 | CVE-2020-10130 | Authorization Bypass Through User-Controlled Key vulnerability in Searchblox | SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. | network, low complexity, searchblox, CWE-639 | 8.8 |
| 2018-06-05 | CVE-2018-11586 | Server-Side Request Forgery (SSRF) vulnerability in Searchblox 8.6.7 | XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | network, low complexity, searchblox, CWE-918 | 7.5 |
| 2015-04-18 | CVE-2015-0968 | Unspecified vulnerability in Searchblox | Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590. | network, low complexity, searchblox | 7.5 |