CVE-2007-3484

Name of the Vulnerable Software and Affected Versions Google Custom Search Engine (affected versions not specified)

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the q parameter in the search functionality. This issue is disputed by the Google Security Team, who claims that Google does not provide the 'search.php' script referenced and instead provides users with a block of JavaScript to include on their site, with some users writing additional code for further customization.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.