Cross-Site Scripting Vulnerability in Google Search Appliance and Google Mini
CVE-2006-6223

Currently unrated

Key Information:

Vendor: Google
CVE Published: 2 December 2006

Summary

An XSS vulnerability exists in the Google Search Appliance and Google Mini that enables remote attackers to inject arbitrary web scripts or HTML. This can be achieved through the manipulation of a UTF-7 encoded 'q' parameter in web requests. Exploitation of this flaw may allow malicious users to execute harmful scripts within the context of a victim's browser session, potentially leading to data theft, session hijacking, and further security risks.
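A log-review check for the pattern described above, as an added example that is not code from the vendor or from this advisory: it flags requests whose 'q' value contains no HTML metacharacters as sent but yields them once decoded as UTF-7. The host name, the `/search` path and the sample requests are constructed for illustration, and the function name is hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Characters that matter when a value is reflected into HTML.
HTML_META = set("<>\"'&")


def utf7_hidden_markup(url, param="q"):
    """Return the HTML metacharacters that appear in `param` only after
    the value is decoded as UTF-7 (i.e. they were not visible as sent)."""
    hidden = set()
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(param, [])
    for raw in values:
        if "+" not in raw:
            continue  # UTF-7 shifted sequences always start with '+'
        try:
            decoded = raw.encode("ascii").decode("utf-7")
        except UnicodeError:
            continue  # not valid UTF-7 (e.g. an ordinary "c++" search)
        # Keep only metacharacters introduced by the decoding step.
        hidden |= (set(decoded) & HTML_META) - set(raw)
    return sorted(hidden)


# Constructed sample requests (not taken from real traffic).
# A literal '+' must arrive as %2B, because a bare '+' in a query means space.
SAMPLE_REQUESTS = [
    "http://search.example/search?q=google+mini",
    "http://search.example/search?q=c%2B%2B+tutorial",
    "http://search.example/search?q=%2BADw-b%2BAD4-hello",  # decodes to <b>hello
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        found = utf7_hidden_markup(request)
        verdict = "SUSPICIOUS" if found else "ok"
        print(f"{verdict:10} {request} {found}")
```

A filter that inspects only the bytes as sent sees plain ASCII in the third request, which is why the check decodes before looking for markup.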

Timeline

  • Vulnerability published

  • Vulnerability Reserved
