CVE-2015-3422

Name of the Vulnerable Software and Affected Versions SearchBlox versions prior to 8.2.1

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to the "admin/main.jsp" API endpoint.

Recommendations For versions prior to 8.2.1, update to version 8.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/main.jsp" endpoint or avoiding the use of the menu2 parameter until the issue is resolved.