Cross-site Scripting Vulnerability in Google Search Appliance
CVE-2014-0362

Currently unrated

Key Information:

Vendor: Google
Status: Search Appliance Software
Vendor: CVE Published:; 8 May 2014

Summary

A cross-site scripting vulnerability exists in the Google Search Appliance that affects versions before 7.0.14.G.216 and 7.2 before 7.2.0.G.114 when dynamic navigation is enabled. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the application via user input incorporated within a SCRIPT element. Exploitation of this vulnerability can lead to unauthorized actions taken on behalf of users, potentially compromising their sensitive data.

References

http://www.securityfocus.com/bid/67176

vdb-entryx_refsource_BID

http://www.kb.cert.org/vuls/id/673313

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
May 8, 2014
Vulnerability Reserved
Dec 5, 2013