Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
searchblox searchblox vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2015-7919
SearchBlox 8.3 prior to 8.3.1 allows remote malicious users to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.
Searchblox Searchblox 8.3.0
9.8
CVSSv3
CVE-2020-10131
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.
Searchblox Searchblox
1 Github repository
9.8
CVSSv3
CVE-2018-11586
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
Searchblox Searchblox 8.6.7
1 EDB exploit
8.8
CVSSv3
CVE-2020-10129
SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality.
Searchblox Searchblox
1 Github repository
8.8
CVSSv3
CVE-2020-10130
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.
Searchblox Searchblox
1 Github repository
8.8
CVSSv3
CVE-2018-11538
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
Searchblox Searchblox 8.6.6
1 EDB exploit
8.8
CVSSv3
CVE-2015-0970
Cross-site request forgery (CSRF) vulnerability in SearchBlox prior to 8.2 allows remote malicious users to hijack the authentication of arbitrary users.
Searchblox Searchblox
7.5
CVSSv3
CVE-2020-35580
A local file inclusion vulnerability in the FileServlet in all SearchBlox prior to 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the conte...
Searchblox Searchblox
6.1
CVSSv3
CVE-2020-10132
SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.
Searchblox Searchblox
1 Github repository
5.4
CVSSv3
CVE-2020-10128
SearchBlox product with version prior to 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an malicious user to inject malicious JavaScript.
Searchblox Searchblox
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »