Lucene search

[email protected]CVE-2005-3758

HistoryNov 22, 2005 - 9:03 p.m.

CVE-2005-3758

2005-11-2221:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3758

xss

google

search appliance

nvd

security

vulnerability

web security

xss vulnerability

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.436 Medium

EPSS

Percentile

97.3%

JSON

Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.

CPENameOperatorVersion
google:mini_search_appliancegoogle mini search applianceeq*
google:search_appliancegoogle search applianceeq*

CPE	Name	Operator	Version
google:mini_search_appliance	google mini search appliance	eq	*
google:search_appliance	google search appliance	eq	*

References

metasploit.com/research/vulns/google_proxystylesheet/

secunia.com/advisories/17644

securitytracker.com/id?1015246

www.osvdb.org/20980

www.securityfocus.com/archive/1/417310/30/0/threaded

www.securityfocus.com/bid/15509

www.vupen.com/english/advisories/2005/2500

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.436 Medium

EPSS

Percentile

97.3%

JSON

Related for CVE-2005-3758

nessus1