Cross-Site Scripting Vulnerability in Google Mini Search Appliance by Google
CVE-2007-5255

Currently unrated

Key Information:

Vendor: Google
Status: Mini Search Appliance
Vendor: CVE Published:; 6 October 2007

Summary

The vulnerability in Google Mini Search Appliance version 3.4.14 permits remote attackers to inject arbitrary web scripts or HTML into search results. This occurs via the 'ie' parameter in the '/search' URI, posing a risk of unauthorized access and data manipulation. Effective mitigation strategies are essential to safeguard against potential exploitation.

References

http://www.securityfocus.com/archive/1/482006/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://securityvulns.ru/Sdocument32.html

x_refsource_MISC

http://www.vupen.com/english/advisories/2007/3327

vdb-entryx_refsource_VUPEN

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 6, 2007
Vulnerability Reserved
Oct 6, 2007