CVE-2015-0967

Name of the Vulnerable Software and Affected Versions SearchBlox versions prior to 8.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via two main avenues: the search field in plugin/index.html or the title field in the Create Featured Result form in admin/main.jsp.

Recommendations For versions prior to 8.2, update to version 8.2 or later to resolve the issue. As a temporary workaround, consider restricting user input in the search field and the title field of the Create Featured Result form to minimize the risk of exploitation. Avoid using potentially malicious input in these fields until the issue is resolved.