Vulnerabilities > CVE-2005-3758 - Remote vulnerability in Google Mini Search Appliance and Search Appliance

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
google
nessus

Summary

Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.

Vulnerable Configurations

Part Description Count
Hardware
Google
2

Nessus

NASL familyCGI abuses
NASL idGOOGLE_SEARCH_APPLIANCE_PROXYSTYLESHEET.NASL
descriptionThe remote Google Search Appliance / Mini Search Appliance fails to sanitize user-supplied input to the
last seen2020-06-01
modified2020-06-02
plugin id20241
published2005-11-22
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/20241
titleGoogle Search Appliance proxystylesheet Parameter Multiple Remote Vulnerabilities (XSS, Code Exec, ID)