CVE-2005-3869

Name of the Vulnerable Software and Affected Versions Google API Search versions 1.3.1 and earlier

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter. This can be exploited by sending malicious input to the index.php file.

Recommendations For Google API Search versions 1.3.1 and earlier, update to a version later than 1.3.1 to resolve the issue. As a temporary workaround, consider restricting access to the index.php file or validating and sanitizing user input for the REQ parameter to prevent malicious code injection.