Vulnerabilities > Searchblox > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-06 CVE-2020-10132 Cross-site Scripting vulnerability in Searchblox
SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.
network
low complexity
searchblox CWE-79
6.1
2023-09-05 CVE-2020-10128 Cross-site Scripting vulnerability in Searchblox
SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters.
network
low complexity
searchblox CWE-79
5.4
2021-05-20 CVE-2020-35580 Path Traversal vulnerability in Searchblox
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request.
network
low complexity
searchblox CWE-22
5.0
2018-06-01 CVE-2018-11538 Cross-Site Request Forgery (CSRF) vulnerability in Searchblox 8.6.6
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
6.8
2015-12-21 CVE-2015-7919 Permissions, Privileges, and Access Controls vulnerability in Searchblox 8.3.0
SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.
network
low complexity
searchblox CWE-264
6.4
2015-06-18 CVE-2015-3422 Cross-site Scripting vulnerability in Searchblox
Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.
network
searchblox CWE-79
4.3
2015-04-18 CVE-2015-0970 Cross-Site Request Forgery (CSRF) vulnerability in Searchblox
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.
6.8
2015-04-18 CVE-2015-0969 Information Exposure vulnerability in Searchblox
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.
network
low complexity
searchblox CWE-200
5.0
2015-04-18 CVE-2015-0967 Cross-site Scripting vulnerability in Searchblox
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.
network
searchblox CWE-79
4.3
2013-08-28 CVE-2013-3598 Path Traversal vulnerability in Searchblox
Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a ..
network
low complexity
searchblox CWE-22
5.0