Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message.
References
Link | Resource |
---|---|
http://metasploit.com/research/vulns/google_proxystylesheet/ | Vendor Advisory |
http://secunia.com/advisories/17644 | Vendor Advisory |
http://securitytracker.com/id?1015246 | Exploit Patch Vendor Advisory |
http://www.osvdb.org/20978 | Patch |
http://www.securityfocus.com/archive/1/417310/30/0/threaded | |
http://www.securityfocus.com/bid/15509 | Patch |
http://www.vupen.com/english/advisories/2005/2500 | |
http://metasploit.com/research/vulns/google_proxystylesheet/ | Vendor Advisory |
http://secunia.com/advisories/17644 | Vendor Advisory |
http://securitytracker.com/id?1015246 | Exploit Patch Vendor Advisory |
http://www.osvdb.org/20978 | Patch |
http://www.securityfocus.com/archive/1/417310/30/0/threaded | |
http://www.securityfocus.com/bid/15509 | Patch |
http://www.vupen.com/english/advisories/2005/2500 |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://metasploit.com/research/vulns/google_proxystylesheet/ - Vendor Advisory | |
References | () http://secunia.com/advisories/17644 - Vendor Advisory | |
References | () http://securitytracker.com/id?1015246 - Exploit, Patch, Vendor Advisory | |
References | () http://www.osvdb.org/20978 - Patch | |
References | () http://www.securityfocus.com/archive/1/417310/30/0/threaded - | |
References | () http://www.securityfocus.com/bid/15509 - Patch | |
References | () http://www.vupen.com/english/advisories/2005/2500 - |
Information
Published : 2005-11-22 21:03
Updated : 2024-11-21 00:02
NVD link : CVE-2005-3754
Mitre link : CVE-2005-3754
CVE.ORG link : CVE-2005-3754
JSON object : View
Products Affected
- search_appliance
- mini_search_appliance
CWE