Cross-Site Scripting Vulnerability in Google Mini Search Appliance by Google
CVE-2007-5255

Currently unrated

Key Information:

Vendor: Google
Status: Mini Search Appliance
Vendor: CVE Published:; 6 October 2007

What is CVE-2007-5255?

The vulnerability in Google Mini Search Appliance version 3.4.14 permits remote attackers to inject arbitrary web scripts or HTML into search results. This occurs via the 'ie' parameter in the '/search' URI, posing a risk of unauthorized access and data manipulation. Effective mitigation strategies are essential to safeguard against potential exploitation.

References

http://www.securityfocus.com/archive/1/482006/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securityvulns.ru/Sdocument32.html

x_refsource_MISC

http://www.vupen.com/english/advisories/2007/3327

vdb-entryx_refsource_VUPEN

EPSS Score

8% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 6, 2007
Vulnerability Reserved
Oct 6, 2007