Vulnerabilities > Searchblox > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-06 | CVE-2020-10129 | Improper Privilege Management vulnerability in Searchblox: SearchBlox before Version 9.2.1 is vulnerable to privilege escalation, in which a lower-privileged user is able to access Admin functionality. | 8.8 |
2023-09-06 | CVE-2020-10130 | Authorization Bypass Through User-Controlled Key vulnerability in Searchblox: SearchBlox before Version 9.1 is vulnerable to a business logic bypass where the user is able to create multiple super admin users in the system. | 8.8 |
2021-05-20 | CVE-2020-35580 | Path Traversal vulnerability in Searchblox: A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. | 7.5 |
2018-06-01 | CVE-2018-11538 | Cross-Site Request Forgery (CSRF) vulnerability in Searchblox 8.6.6: servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | 8.8 |
2015-04-18 | CVE-2015-0970 | Cross-Site Request Forgery (CSRF) vulnerability in Searchblox: Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users. | 8.8 |