Vulnerability Details CVE-2020-10128
SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.7%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2020-10128
-
cpe:2.3:a:searchblox:searchblox:-
-
cpe:2.3:a:searchblox:searchblox:6.2
-
cpe:2.3:a:searchblox:searchblox:6.3
-
cpe:2.3:a:searchblox:searchblox:6.4
-
cpe:2.3:a:searchblox:searchblox:7.0
-
cpe:2.3:a:searchblox:searchblox:7.1
-
cpe:2.3:a:searchblox:searchblox:7.2
-
cpe:2.3:a:searchblox:searchblox:7.3
-
cpe:2.3:a:searchblox:searchblox:7.4
-
cpe:2.3:a:searchblox:searchblox:7.5
-
cpe:2.3:a:searchblox:searchblox:8.1
-
cpe:2.3:a:searchblox:searchblox:8.2
-
cpe:2.3:a:searchblox:searchblox:8.3.0
-
cpe:2.3:a:searchblox:searchblox:8.6.6
-
cpe:2.3:a:searchblox:searchblox:8.6.7
-
cpe:2.3:a:searchblox:searchblox:8.6.8
-
cpe:2.3:a:searchblox:searchblox:8.6.9
-
cpe:2.3:a:searchblox:searchblox:9.0
-
cpe:2.3:a:searchblox:searchblox:9.1
-
cpe:2.3:a:searchblox:searchblox:9.2