Vulnerabilities > CVE-2005-3754 - Remote vulnerability in Google Mini Search Appliance and Search Appliance

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
google
nessus

Summary

Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message.

Vulnerable Configurations

Part Description Count
Hardware
Google
2

Nessus

NASL familyCGI abuses
NASL idGOOGLE_SEARCH_APPLIANCE_PROXYSTYLESHEET.NASL
descriptionThe remote Google Search Appliance / Mini Search Appliance fails to sanitize user-supplied input to the
last seen2020-06-01
modified2020-06-02
plugin id20241
published2005-11-22
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/20241
titleGoogle Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID)