CVE-2005-3754

Name of the Vulnerable Software and Affected Versions Google Mini Search Appliance (affected versions not specified) Google Search Appliance (affected versions not specified)

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable. This will be executed in the resulting error message.

Recommendations For Google Mini Search Appliance, avoid using the proxystylesheet variable until a fix is available. For Google Search Appliance, restrict access to the proxystylesheet variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.