Vulnerabilities > CVE-2005-3754 - Remote vulnerability in Google Mini Search Appliance and Search Appliance
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 2 |
Nessus
| NASL family | CGI abuses |
| NASL id | GOOGLE_SEARCH_APPLIANCE_PROXYSTYLESHEET.NASL |
| description | The remote Google Search Appliance / Mini Search Appliance fails to sanitize user-supplied input to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 20241 |
| published | 2005-11-22 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/20241 |
| title | Google Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID) |
References
- http://metasploit.com/research/vulns/google_proxystylesheet/
- http://secunia.com/advisories/17644
- http://securitytracker.com/id?1015246
- http://www.osvdb.org/20978
- http://www.securityfocus.com/archive/1/417310/30/0/threaded
- http://www.securityfocus.com/bid/15509
- http://www.vupen.com/english/advisories/2005/2500