PT-2014-3591 · Google · Google Search Appliance

Published

2014-05-08

Updated

2019-07-18

CVE-2014-0362

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Google Search Appliance (GSA) versions prior to 7.0.14.G.216 Google Search Appliance (GSA) version 7.2 prior to 7.2.0.G.114

Description A cross-site scripting (XSS) issue exists when dynamic navigation is configured, allowing remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element.

Recommendations For Google Search Appliance (GSA) versions prior to 7.0.14.G.216, update to version 7.0.14.G.216 or later. For Google Search Appliance (GSA) version 7.2 prior to 7.2.0.G.114, update to version 7.2.0.G.114 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2014-0362

Affected Products

Google Search Appliance

PT-2014-3591 · Google · Google Search Appliance

CVE-2014-0362

Weakness Enumeration

Related Identifiers

Affected Products

References · 4