XML external entity (XXE) vulnerability in api/rest/status in SearchBlox 8.6.7 allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSearchblox
APPSearchblox8.6.7
Related vulnerabilities
SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter.
SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a deni...
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple...
SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin func...
A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthen...