Headline
CVE-2020-10128: Version 9.2.1
SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript.
about 3 years ago
by Joe Nisha Arvind
**
Fixed
**
- Security Vulnerability issues listed below have been resolved
- Vulnerability #1: CVE-2020-10131 Stored Cross-site Scripting – Username Field
- Vulnerability #2: CVE-2020-10128 CSV Excel Macro Injection in Collection
- Vulnerability #3: CVE-2020-10128 CSV Excel Macro Injection in Featured Result
- Vulnerability #4: Apache Zookeeper Common/Default Nodes Accessible Without ACL
- Featured result expiry date mismatch issue