Vulnerabilities > Searchblox > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2020-10129 Improper Privilege Management vulnerability in Searchblox
SearchBlox before version 9.2.1 is vulnerable to privilege escalation: a lower-privileged user is able to access admin functionality.
network
low complexity
searchblox CWE-269
8.8
2023-09-06 CVE-2020-10130 Authorization Bypass Through User-Controlled Key vulnerability in Searchblox
SearchBlox before version 9.1 is vulnerable to a business logic bypass in which a user is able to create multiple super admin users in the system.
network
low complexity
searchblox CWE-639
8.8
2021-05-20 CVE-2020-35580 Path Traversal vulnerability in Searchblox
A local file inclusion vulnerability in the FileServlet in all SearchBlox versions before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request.
network
low complexity
searchblox CWE-22
7.5
2018-06-01 CVE-2018-11538 Cross-Site Request Forgery (CSRF) vulnerability in Searchblox 8.6.6
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
network
low complexity
searchblox CWE-352
8.8
2015-04-18 CVE-2015-0970 Cross-Site Request Forgery (CSRF) vulnerability in Searchblox
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
searchblox CWE-352
8.8