CVE-2020-10131 - SearchBlox Product before V-9.2.1 is Vulnerable to CSV macro injection.

InfoSec4Fun/CVE-2020-10131

CVE-2020-10131 - SearchBlox Product before V-9.2.1 is Vulnerable to CSV macro injection.

Product Description: SearchBlox simplifies enterprise search for complex organizations. SearchBlox's intuitive and intelligent tools offer out-of-the-box setup, secure encryption, and low total cost of ownership. AI-powered solutions optimize each step of the search journey to dramatically improve engagement. SearchBlox is the easy choice for leaders in financial services, healthcare, and government.

Description: SearchBlox before version 9.2.1 is vulnerable to CSV macro injection in the Featured Results parameter.

Vulnerability Type: CSV macro injection

Severity Rating: Medium

Vendor of Product: SearchBlox

Affected Product Code Base: SearchBlox-9.2

Affected Component: Featured Results in SearchBlox versions before 9.2.1 is vulnerable to CSV macro injection.

Attack Type: Remote

Impact Information Disclosure: True

Attack Vectors: To exploit this vulnerability, an attacker must use the URL below (http:///searchblox/admin/main.jsp?menu1=res)

Has the vendor confirmed or acknowledged the vulnerability?: True

Reference: Version 9.2.1 (searchblox.com)

Exploit Author: Amar Kaldate

Contact: Amar Kaldate | LinkedIn
