Searchblox
by Searchblox
CVEs (14)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-7919 | Cri | 0.65 | 10.0 | 0.02 | | Dec 21, 2015 | SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. |
| CVE-2015-0970 | Hig | 0.57 | 8.8 | 0.00 | | Apr 18, 2015 | Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2013-3597 | | 0.06 | — | 0.38 | | Aug 28, 2013 | servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. |
| CVE-2020-10131 | | 0.01 | — | 0.09 | | Sep 6, 2023 | SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter. |
| CVE-2020-10132 | | 0.00 | — | 0.04 | | Sep 6, 2023 | SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration. |
| CVE-2020-10130 | | 0.00 | — | 0.00 | | Sep 6, 2023 | SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. |
| CVE-2020-10129 | | 0.00 | — | 0.00 | | Sep 6, 2023 | SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality. |
| CVE-2020-10128 | | 0.00 | — | 0.00 | | Sep 5, 2023 | SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript. |
| CVE-2015-3422 | | 0.00 | — | 0.00 | | Jun 18, 2015 | Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp. |
| CVE-2015-0969 | | 0.00 | — | 0.01 | | Apr 18, 2015 | SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. |
| CVE-2015-0968 | | 0.00 | — | 0.02 | | Apr 18, 2015 | Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590. |
| CVE-2015-0967 | | 0.00 | — | 0.01 | | Apr 18, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp. |
| CVE-2013-3598 | | 0.00 | — | 0.01 | | Aug 28, 2013 | Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter. |
| CVE-2013-3590 | | 0.00 | — | 0.04 | | Aug 28, 2013 | Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file. |