SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Searchblox
NVD
CVSS 2.0
5.0
EPSS
1.2%
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
XSS
Searchblox
NVD
CVSS 2.0
4.3
EPSS
1.1%