Filtered by vendor Searchblox
Subscribe
Search
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3422 | 1 Searchblox | 1 Searchblox | 2018-10-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp. | |||||
| CVE-2015-0969 | 1 Searchblox | 1 Searchblox | 2015-04-20 | 5.0 MEDIUM | N/A |
| SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. | |||||
| CVE-2015-0968 | 1 Searchblox | 1 Searchblox | 2015-04-20 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590. | |||||
| CVE-2015-0967 | 1 Searchblox | 1 Searchblox | 2015-04-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp. | |||||
| CVE-2013-3590 | 1 Searchblox | 1 Searchblox | 2013-10-07 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file. | |||||
| CVE-2013-3598 | 1 Searchblox | 1 Searchblox | 2013-09-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter. | |||||
| CVE-2013-3597 | 1 Searchblox | 1 Searchblox | 2013-09-05 | 5.0 MEDIUM | N/A |
| servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action. | |||||