Vulnerabilities > Searchblox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-06 | CVE-2020-10132 | Cross-site Scripting vulnerability in Searchblox SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration. | 6.1 |
| 2023-09-05 | CVE-2020-10128 | Cross-site Scripting vulnerability in Searchblox SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. | 5.4 |
| 2021-05-20 | CVE-2020-35580 | Path Traversal vulnerability in Searchblox A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. | 5.0 |
| 2018-06-01 | CVE-2018-11538 | Cross-Site Request Forgery (CSRF) vulnerability in Searchblox 8.6.6 servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. | 6.8 |
| 2015-12-21 | CVE-2015-7919 | Permissions, Privileges, and Access Controls vulnerability in Searchblox 8.3.0 SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. | 6.4 |
| 2015-06-18 | CVE-2015-3422 | Cross-site Scripting vulnerability in Searchblox Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp. | 4.3 |
| 2015-04-18 | CVE-2015-0970 | Cross-Site Request Forgery (CSRF) vulnerability in Searchblox Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2015-04-18 | CVE-2015-0969 | Information Exposure vulnerability in Searchblox SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. | 5.0 |
| 2015-04-18 | CVE-2015-0967 | Cross-site Scripting vulnerability in Searchblox Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp. | 4.3 |
| 2013-08-28 | CVE-2013-3598 | Path Traversal vulnerability in Searchblox Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. | 5.0 |