Searchblox

searchblox

17 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (17)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-10132 1Searchblox 1Searchblox Nov 21, 2024 Sep 6, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.
CVE-2020-10131 1Searchblox 1Searchblox Nov 21, 2024 Sep 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.
CVE-2020-10130 1Searchblox 1Searchblox Nov 21, 2024 Sep 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.
CVE-2020-10129 1Searchblox 1Searchblox Nov 21, 2024 Sep 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality.
CVE-2020-10128 1Searchblox 1Searchblox Nov 21, 2024 Sep 5, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an...Show more SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript.Show less
CVE-2020-35580 1Searchblox 1Searchblox Nov 21, 2024 May 20, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url=...Show more A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users.Show less
CVE-2018-11586 1Searchblox 1Searchblox Nov 21, 2024 Jun 5, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML...Show more XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.Show less
CVE-2018-11538 1Searchblox 1Searchblox Nov 21, 2024 Jun 1, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
CVE-2015-7919 1Searchblox 1Searchblox May 6, 2026 Dec 21, 2015 N/A· v4 10.0 CRITICAL· v3 6.4 MEDIUM· v2 SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.
CVE-2015-3422 1Searchblox 1Searchblox May 6, 2026 Jun 18, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.
CVE-2015-0970 1Searchblox 1Searchblox May 6, 2026 Apr 18, 2015 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2015-0969 1Searchblox 1Searchblox May 6, 2026 Apr 18, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.
CVE-2015-0968 1Searchblox 1Searchblox May 6, 2026 Apr 18, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type...Show more Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.Show less
CVE-2015-0967 1Searchblox 1Searchblox May 6, 2026 Apr 18, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Creat...Show more Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.Show less
CVE-2013-3598 1Searchblox 1Searchblox Apr 29, 2026 Aug 28, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter.
CVE-2013-3597 1Searchblox 1Searchblox Apr 29, 2026 Aug 28, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.
CVE-2013-3590 1Searchblox 1Searchblox Apr 29, 2026 Aug 28, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and th...Show more Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.Show less