CVE-2005-3758

Currently unrated

Key Information:

Vendor
Google
Status
Mini Search Appliance
Search Appliance
Vendor
CVE Published:
22 November 2005

Summary

Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.

References

http://www.osvdb.org/20980
vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/17644
third-party-advisoryx_refsource_SECUNIA
http://metasploit.com/research/vulns/google_proxystylesheet/
x_refsource_MISC

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.