Cross-site Scripting Vulnerability in Google Mini and Search Appliances
CVE-2005-3754

Currently unrated

Key Information:

Vendor: Google
Status: Mini Search Appliance; Search Appliance
Vendor: CVE Published:; 22 November 2005

Summary

A cross-site scripting (XSS) vulnerability exists in the Google Mini Search Appliance and potentially the Google Search Appliance. This flaw allows malicious attackers to inject arbitrary JavaScript and potentially other web scripts or HTML through the proxystylesheet variable. The injected code may be executed within the resulting error message, which can lead to unauthorized access or manipulation of sensitive information, impacting the security and integrity of the affected systems.

References

http://secunia.com/advisories/17644

third-party-advisoryx_refsource_SECUNIA

http://metasploit.com/research/vulns/google_proxystylesheet/

x_refsource_MISC

http://www.securityfocus.com/archive/1/417310/30/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Nov 22, 2005
Vulnerability Reserved
Nov 22, 2005