CVE-2005-3754

Опубликовано: 22 нояб. 2005

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message.

Ссылки

http://metasploit.com/research/vulns/google_proxystylesheet/
Vendor Advisory
http://secunia.com/advisories/17644
Vendor Advisory
http://securitytracker.com/id?1015246
Exploit
Patch
Vendor Advisory
http://www.osvdb.org/20978
Patch
http://www.securityfocus.com/archive/1/417310/30/0/threaded
http://www.securityfocus.com/bid/15509
Patch
http://www.vupen.com/english/advisories/2005/2500
http://metasploit.com/research/vulns/google_proxystylesheet/
Vendor Advisory
http://secunia.com/advisories/17644
Vendor Advisory
http://securitytracker.com/id?1015246
Exploit
Patch
Vendor Advisory
http://www.osvdb.org/20978
Patch
http://www.securityfocus.com/archive/1/417310/30/0/threaded
http://www.securityfocus.com/bid/15509
Patch
http://www.vupen.com/english/advisories/2005/2500

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:h:google:mini_search_appliance:*:*:*:*:*:*:*:*

cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00901

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-g3r4-vfx7-4frf

github

почти 4 года назад