Headline
CVE-2020-10132: Version 9.1
SearchBlox before Version 9.1 is vulnerable to a cross-origin resource sharing (CORS) misconfiguration.
Changelog
- fixed: Search support for special characters such as backslash and colon
- fixed: Issue with indexing URLs with spaces
- fixed: Issue with long PDF titles
- fixed: SearchBlox minor search issues
- fixed: Security Vulnerability issues listed below
  - Vulnerability #1: Stored Cross-site Scripting – Username Field
  - Vulnerability #2: Stored Cross-site Scripting – Role Field
  - Vulnerability #3: Stored Cross-site Scripting – Group, New-group Fields
  - Vulnerability #4: Stored Cross-site Scripting – Add cluster node, Name of the cluster Fields of Cluster
  - Vulnerability #5: Stored Cross-site Scripting – Multiple Fields of Featured Results
  - Vulnerability #6: Privilege Escalation: Lower user has access to Admin Tab
- fixed: Issue with ignore canonical setting on refresh
- fixed: Issue with the description in MongoDB, Database collection
- fixed: Updated libraries for Database collection
- fixed: Encoding issue with search servlet
- fixed: Jetty security fix
- fixed: Issue with context encoding
- fixed: Issue with Delete API and Delete Document
- fixed: Minor issues with HTTP collection settings
- fixed: Issue with indexing of Visio file
- fixed: Replicas in the cluster have been set to 2 by default
- fixed: Issue with indexing URLs with encoded values
- fixed: Issue with search context with HTML tags
- fixed: Issue with search settings update while uploading config file
- fixed: Issue with the hyphen in phrase and exact match in featured results
- fixed: Issue with stopwords in URL