searchblox

17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2020-10132
< 9.1
SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.
6.1 MEDIUM
CVE-2020-10131
< 9.2.1
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.
9.8 CRITICAL
CVE-2020-10130
< 9.1
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users i
8.8 HIGH
CVE-2020-10129
< 9.2.1
SearchBlox before Version 9.2.1 is vulnerable to privilege escalation: a lower user is able to access Admin functionality.
8.8 HIGH
CVE-2020-10128
< 9.2.1
SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In Se
5.4 MEDIUM
CVE-2020-35580
< 9.2.2
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to rea
7.5 HIGH
CVE-2018-11586
all versions
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitra
9.8 CRITICAL
CVE-2018-11538
all versions
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters beca
8.8 HIGH
CVE-2015-7919
all versions
SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (appli
10.0 CRITICAL
CVE-2015-3422
<= 8.2
Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML
CVE-2015-0970
<= 8.1
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of a
8.8 HIGH
CVE-2015-0969
<= 8.1
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.
CVE-2015-0968
<= 8.1
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbit
CVE-2015-0967
<= 8.1
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script
CVE-2013-3598
<= 7.5
Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to ove
CVE-2013-3597
<= 7.5
servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getLi
CVE-2013-3590
<= 7.5
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execu
threatengine.sh