Cross-Site Scripting Vulnerability in Google Search Appliance and Google Mini
CVE-2006-6223

Currently unrated

Key Information:

Vendor: Google
Status: Mini Search Appliance; Search Appliance
Vendor: CVE Published:; 2 December 2006

What is CVE-2006-6223?

An XSS vulnerability exists in the Google Search Appliance and Google Mini that enables remote attackers to inject arbitrary web scripts or HTML. This can be achieved through the manipulation of a UTF-7 encoded 'q' parameter in web requests. Exploitation of this flaw may allow malicious users to execute harmful scripts within the context of a victim's browser session, potentially leading to data theft, session hijacking, and further security risks.

References

http://securitytracker.com/id?1017317

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/30647

vdb-entryx_refsource_XF

http://sla.ckers.org/forum/read.php?3%2C3109

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2006
Vulnerability Reserved
Dec 1, 2006