searchblox CVE Vulnerabilities & Metrics

Focus on searchblox vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About searchblox Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with searchblox. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total searchblox CVEs: 14
Earliest CVE date: 28 Aug 2013, 13:09 UTC
Latest CVE date: 06 Sep 2023, 19:15 UTC

Latest CVE reference: CVE-2020-10132

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical searchblox CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.14

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	5
4.0-6.9	10
7.0-8.9	2
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS searchblox CVEs

These are the five CVEs with the highest CVSS scores for searchblox, sorted by severity first and recency.

CVE-2018-11586 searchblox Published on 05 Jun 2018, 21:29 UTC (CVSS: 7.5)
XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
CVE-2015-0968 searchblox Published on 18 Apr 2015, 02:00 UTC (CVSS: 7.5)
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.
CVE-2018-11538 searchblox Published on 01 Jun 2018, 19:29 UTC (CVSS: 6.8)
servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.
CVE-2015-0970 searchblox Published on 18 Apr 2015, 02:00 UTC (CVSS: 6.8)
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.
CVE-2013-3590 searchblox Published on 28 Aug 2013, 13:09 UTC (CVSS: 6.8)
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.

All CVEs for searchblox

CVE-2020-10132 searchblox vulnerability CVSS: 0 06 Sep 2023, 19:15 UTC

SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration.

CVE-2020-10131 searchblox vulnerability CVSS: 0 06 Sep 2023, 19:15 UTC

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.

CVE-2020-10130 searchblox vulnerability CVSS: 0 06 Sep 2023, 19:15 UTC

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system.

CVE-2020-10129 searchblox vulnerability CVSS: 0 06 Sep 2023, 19:15 UTC

SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality.

CVE-2020-10128 searchblox vulnerability CVSS: 0 05 Sep 2023, 20:15 UTC

SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript.

CVE-2020-35580 searchblox vulnerability CVSS: 5.0 20 May 2021, 16:15 UTC

A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users.

CVE-2018-11586 searchblox vulnerability CVSS: 7.5 05 Jun 2018, 21:29 UTC

XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

CVE-2018-11538 searchblox vulnerability CVSS: 6.8 01 Jun 2018, 19:29 UTC

servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass.

CVE-2015-7919 searchblox vulnerability CVSS: 6.4 21 Dec 2015, 11:59 UTC

SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.

CVE-2015-3422 searchblox vulnerability CVSS: 4.3 18 Jun 2015, 18:59 UTC

Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp.

CVE-2015-0970 searchblox vulnerability CVSS: 6.8 18 Apr 2015, 02:00 UTC

Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2015-0969 searchblox vulnerability CVSS: 5.0 18 Apr 2015, 02:00 UTC

SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.

CVE-2015-0968 searchblox vulnerability CVSS: 7.5 18 Apr 2015, 02:00 UTC

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.

CVE-2015-0967 searchblox vulnerability CVSS: 4.3 18 Apr 2015, 02:00 UTC

Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.

CVE-2013-3598 searchblox vulnerability CVSS: 5.0 28 Aug 2013, 13:09 UTC

Directory traversal vulnerability in servlet/CreateTemplateServlet in SearchBlox before 7.5 build 1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the name parameter.

CVE-2013-3597 searchblox vulnerability CVSS: 5.0 28 Aug 2013, 13:09 UTC

servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.

CVE-2013-3590 searchblox vulnerability CVSS: 6.8 28 Aug 2013, 13:09 UTC

Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 7.5 build 1 allows remote attackers to execute arbitrary code by uploading an executable file with the image/jpeg content type, and then accessing this file via unspecified vectors, as demonstrated by access to a JSP file.