Cross-Site Scripting Flaw in Google Mini and Search Appliance
CVE-2005-3758

Currently unrated

Key Information:

Vendor: Google
Status: Mini Search Appliance; Search Appliance
Vendor: CVE Published:; 22 November 2005

Summary

A cross-site scripting (XSS) vulnerability exists within the Google Mini Search Appliance and potentially the Google Search Appliance, enabling remote attackers to inject arbitrary JavaScript and other harmful web scripts. This is executed through a 'proxystylesheet' variable that contains a crafted XSLT stylesheet. Successful exploitation could lead to unauthorized actions performed on behalf of users, compromising the security and integrity of the affected systems.

References

http://www.osvdb.org/20980

vdb-entryx_refsource_OSVDB

http://secunia.com/advisories/17644

third-party-advisoryx_refsource_SECUNIA

http://metasploit.com/research/vulns/google_proxystylesheet/

x_refsource_MISC

Timeline

Vulnerability published
Nov 22, 2005
Vulnerability Reserved
Nov 22, 2005