CVE Tools

searchblox

Cloud & SaaScommercial

14

Cumulative CVEs

5

Monthly snapshots

#31

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting searchblox.

CVE-2020-10132CVE-2020-101326.1Sep 6, 2023
CVE-2020-10131CVE-2020-101319.8Sep 6, 2023
CVE-2020-10130CVE-2020-101308.8Sep 6, 2023
CVE-2020-10129CVE-2020-101298.8Sep 6, 2023
CVE-2020-10128SearchBlox product before V-9.2.1 is vulnerable to Stored-Cross Site Scripting5.4Sep 5, 2023
CVE-2020-35580A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servl...7.5May 20, 2021
CVE-2018-11586XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via ...9.8Jun 5, 2018
CVE-2018-11538servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.8.8Jun 1, 2018
CVE-2015-7919SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.10.0Dec 21, 2015
CVE-2015-3422Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.4.3Jun 18, 2015
CVE-2015-0970Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.8.8Apr 18, 2015
CVE-2015-0969SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.5.0Apr 18, 2015
CVE-2015-0968Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the ...7.5Apr 18, 2015
CVE-2015-0967Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the t...4.3Apr 18, 2015
CVE-2013-3598Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter.5.0Aug 28, 2013