CVE-2020-10132 - SearchBlox product before V-9.1 is vulnerable to CORS misconfiguration.# CVE-2020-10132 - CVE-2020-10132 - SearchBlox product before V-9.1 is vulnerable to CORS misconfiguration.
**Product Description:** SearchBlox simplifies enterprise search for complex organizations. SearchBlox intuitive and intelligent tools offer out-of-the-box setup, secure encryption, and low total cost of ownership. AI-powered solutions optimize each step of the search journey to dramatically improve engagement. SearchBlox is the easy choice for leaders in financial services, healthcare, and government.
**Description:** SearchBlox before Version 9.1 is vulnerable to CORS misconfiguration
**Vulnerability Type:** Cross-origin resource sharing misconfigure
**Severity Rating:** Medium
**Vendor of Product:** SearchBlox
**Affected Product Code Base:** SearchBlox-9.1
**Affected Component:** SearchBlox product with version before 9.1 is vulnerable to Cross-origin resource sharing misconfigure.
**Attack Type:** Remote
**Impact Information Disclosure:** True
**Attack Vectors:** To exploit this vulnerability attacker must use the below URL
(http://<Web-Interface-URLs>/searchblox/admin/main.jsp)
**Has the vendor confirmed or acknowledged the vulnerability?:** True
**Reference:** [Version 9.1 (searchblox.com) ](https://developer.searchblox.com/v9.2/changelog/version-91)
**Exploit Author:** Amar Kaldate
**Contact:** [ Amar Kaldate | LinkedIn ](https://www.linkedin.com/in/amar-kaldate/)
[4.0K] /data/pocs/5f214a3cf17c5087ebdf490f8843e60dd649a9ff
└── [1.4K] README.md
0 directories, 1 file