CVE-2020-10128

MEDIUM

SearchBlox < 9.2.1 - Stored Cross-Site Scripting via Multiple User Input Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10128. PoCs published by InfoSec4Fun.

AI-analyzed exploit summary: This repository contains a writeup describing a stored XSS vulnerability in SearchBlox before version 9.2.1. The vulnerability allows attackers to inject malicious JavaScript via multiple unsanitized parameters.

Description

SearchBlox versions before 9.2.1 are vulnerable to stored cross-site scripting in multiple user input parameters. These parameters are not properly sanitized or validated, which allows an attacker to inject malicious JavaScript.

Exploits (1)

nomisec WRITEUP
by InfoSec4Fun · poc
https://github.com/InfoSec4Fun/CVE-2020-10128

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: SearchBlox < 9.2.1
Auth required
Prerequisites: Access to vulnerable SearchBlox admin interface
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 5.4
EPSS 0.0041
EPSS Percentile 32.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (1)
searchblox/searchblox < 9.2.1
Published Sep 05, 2023
Tracked Since Feb 18, 2026