Vulnerabilities > CVE-2005-3758 - Unspecified vulnerability in Google Mini Search Appliance and Search Appliance
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN google
nessus
Summary
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 2 |
Nessus
| NASL family | CGI abuses |
| NASL id | GOOGLE_SEARCH_APPLIANCE_PROXYSTYLESHEET.NASL |
| description | The remote Google Search Appliance / Mini Search Appliance fails to sanitize user-supplied input to the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 20241 |
| published | 2005-11-22 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/20241 |
| title | Google Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID) |
References
- http://metasploit.com/research/vulns/google_proxystylesheet/
- http://metasploit.com/research/vulns/google_proxystylesheet/
- http://secunia.com/advisories/17644
- http://secunia.com/advisories/17644
- http://securitytracker.com/id?1015246
- http://securitytracker.com/id?1015246
- http://www.osvdb.org/20980
- http://www.osvdb.org/20980
- http://www.securityfocus.com/archive/1/417310/30/0/threaded
- http://www.securityfocus.com/archive/1/417310/30/0/threaded
- http://www.securityfocus.com/bid/15509
- http://www.securityfocus.com/bid/15509
- http://www.vupen.com/english/advisories/2005/2500
- http://www.vupen.com/english/advisories/2005/2500