CVE-2005-3758

Description

Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.

Affected products

• Google / mini_search_appliance
• Google / search_appliance

References

• MISChttp://www.osvdb.org/20980
• VENDOR_ADVISORYhttp://secunia.com/advisories/17644
• EXPLOIThttp://metasploit.com/research/vulns/google_proxystylesheet/
• MISChttp://www.securityfocus.com/archive/1/417310/30/0/threaded
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2005/2500
• MISChttp://www.securityfocus.com/bid/15509
• MISChttp://securitytracker.com/id?1015246