CVE-2020-10132: Version 9.1

SearchBlox before Version 9.1 is vulnerable to a cross-origin resource sharing (CORS) misconfiguration.

Changelog

  • fixed: Search support for special characters such as backslash and colon
  • fixed: Issue with indexing URLs with spaces
  • fixed: Issue with long PDF titles
  • fixed: SearchBlox minor search issues
  • fixed: Security Vulnerability issues listed below
    • Vulnerability #1: Stored Cross-site Scripting – Username Field
    • Vulnerability #2: Stored Cross-site Scripting – Role Field
    • Vulnerability #3: Stored Cross-site Scripting – Group, New-group Fields
    • Vulnerability #4: Stored Cross-site Scripting – Add cluster node, Name of the cluster Fields of Cluster
    • Vulnerability #5: Stored Cross-site Scripting – Multiple Fields of Featured Results
    • Vulnerability #6: Privilege Escalation: Lower user has access to Admin Tab
  • fixed: Issue with ignore canonical setting on refresh
  • fixed: Issue with the description in Mongo DB, Database collection
  • fixed: Updated libraries for Database collection
  • fixed: Encoding issue with search servlet
  • fixed: Jetty security fix
  • fixed: Issue with context encoding
  • fixed: Issue with Delete API and Delete Document
  • fixed: Minor issues with HTTP collection settings
  • fixed: Issue with indexing of Visio file
  • fixed: Replicas in the cluster have been set to 2 by default
  • fixed: Issue with indexing URLs with encoded values
  • fixed: Issue with search context with HTML tags
  • fixed: Issue with search settings update while uploading config file
  • fixed: Issue with the hyphen in phrase and exact match in featured results
  • fixed: Issue with stopwords in URL
