Vulnerabilities
Vulnerable Software
Searchblox:  Security Vulnerabilities
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.
CVSS Score
8.8
EPSS Score
0.002
Published
2015-04-18
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.
CVSS Score
5.0
EPSS Score
0.005
Published
2015-04-18
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.
CVSS Score
7.5
EPSS Score
0.009
Published
2015-04-18
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.
CVSS Score
4.3
EPSS Score
0.005
Published
2015-04-18
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.
CVSS Score
6.8
EPSS Score
0.018
Published
2013-08-28
servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.
CVSS Score
5.0
EPSS Score
0.12
Published
2013-08-28
Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter.
CVSS Score
5.0
EPSS Score
0.003
Published
2013-08-28


Contact Us

Shodan ® - All rights reserved