Searchblox: >> Searchblox >> 6.2 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.
CVSS Score
4.3
EPSS Score
0.005
Published
2015-04-18
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.
CVSS Score
6.8
EPSS Score
0.018
Published
2013-08-28
servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.
CVSS Score
5.0
EPSS Score
0.12
Published
2013-08-28
Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter.
CVSS Score
5.0
EPSS Score
0.003
Published
2013-08-28
Page 2