CVE-2020-10128

MEDIUM

Searchblox < 9.2.1 - XSS

Title source: rule

Description

SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript.

Exploits (1)

nomisec WRITEUP

by InfoSec4Fun · poc

https://github.com/InfoSec4Fun/CVE-2020-10128

View Code ZIP pw:eip

References (1)

Core 1

Core References

Release Notes

https://developer.searchblox.com/v9.2/changelog/version-921

Scores

CVSS v3 5.4

EPSS 0.0021

EPSS Percentile 43.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

searchblox/searchblox < 9.2.1

Published Sep 05, 2023

Tracked Since Feb 18, 2026