Vulnerabilities > Searchblox > Searchblox > 9.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-06 | CVE-2020-10129 | Improper Privilege Management vulnerability in Searchblox. SearchBlox before version 9.2.1 is vulnerable to privilege escalation: a lower-privileged user is able to access admin functionality. | 8.8 |
2023-09-06 | CVE-2020-10130 | Authorization Bypass Through User-Controlled Key vulnerability in Searchblox. SearchBlox before version 9.1 is vulnerable to a business logic bypass where the user is able to create multiple super admin users in the system. | 8.8 |
2023-09-06 | CVE-2020-10131 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Searchblox. SearchBlox before version 9.2.1 is vulnerable to CSV macro injection in the "Featured Results" parameter. | 9.8 |
2023-09-06 | CVE-2020-10132 | Cross-site Scripting vulnerability in Searchblox. SearchBlox before version 9.1 is vulnerable to cross-origin resource sharing misconfiguration. | 6.1 |
2023-09-05 | CVE-2020-10128 | Cross-site Scripting vulnerability in Searchblox. SearchBlox versions before 9.2.1 are vulnerable to stored cross-site scripting at multiple user input parameters. | 5.4 |
2021-05-20 | CVE-2020-35580 | Path Traversal vulnerability in Searchblox. A local file inclusion vulnerability in the FileServlet in all SearchBlox versions before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. | 7.5 |