CVE-2005-3758

Name of the Vulnerable Software and Affected Versions Google Mini Search Appliance (affected versions not specified) Google Search Appliance (affected versions not specified)

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.

Recommendations For Google Mini Search Appliance, restrict access to the proxystylesheet variable to minimize the risk of exploitation. For Google Search Appliance, avoid using the proxystylesheet variable until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.