Arbitrary JavaScript Injection via Proxystylesheet Variable in Google Mini Search Appliance

Arbitrary JavaScript Injection via Proxystylesheet Variable in Google Mini Search Appliance

CVE-2005-3758 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.

Learn more about our Web App Pen Testing.