TITLE:
Google Search Appliances UTF-7 Cross-Site Scripting
SECUNIA ADVISORY ID:
SA23239
VERIFY ADVISORY:
http://secunia.com/advisories/23239/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
OPERATING SYSTEM:
Google Search Appliance
http://secunia.com/product/11157/
Google Mini Search Appliance
http://secunia.com/product/6166/
DESCRIPTION:
A vulnerability in Google Mini Search Appliance and Google
Search Appliance can be exploited by malicious people to
conduct cross-site scripting attacks.
The vulnerability is caused by an error in the handling of
UTF-7 encoded URIs. This can be exploited to execute arbitrary
HTML and script code in a user's browser session in the context
of an affected site.
SOLUTION:
Filter malicious characters and character sequences in a proxy.
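One way to implement the proxy-side filter described in the SOLUTION above, shown as an added example that is not part of the Secunia advisory or of any Google code. The function names, the reject policy and the sample URIs are assumptions made for illustration: the check decodes every UTF-7 shifted run in a request URI and rejects the request only when the decoded text contains HTML metacharacters.

```python
import base64
import re
from urllib.parse import unquote

# '+' opens a UTF-7 shifted run of modified base64; '-' (optional) closes it.
SHIFTED_RUN = re.compile(r"\+([A-Za-z0-9+/]+)-?")
HTML_META = set("<>\"'&")


def decode_shifted(run: str) -> str:
    """Decode one shifted run (unpadded base64 over UTF-16BE); '' if invalid."""
    try:
        raw = base64.b64decode(run + "=" * (-len(run) % 4))
    except ValueError:
        return ""
    raw = raw[: len(raw) - len(raw) % 2]  # drop a trailing partial code unit
    return raw.decode("utf-16-be", errors="replace")


def utf7_markup(uri: str) -> list[str]:
    """Return decoded UTF-7 runs in the URI that contain HTML metacharacters."""
    forms = [uri]
    for _ in range(3):  # also peel up to three layers of percent-encoding
        nxt = unquote(forms[-1])
        if nxt == forms[-1]:
            break
        forms.append(nxt)
    hits = []
    for form in forms:
        for match in SHIFTED_RUN.finditer(form):
            decoded = decode_shifted(match.group(1))
            if HTML_META & set(decoded) and decoded not in hits:
                hits.append(decoded)
    return hits


def should_reject(uri: str) -> bool:
    """Hypothetical proxy policy: refuse URIs carrying UTF-7-encoded markup."""
    return bool(utf7_markup(uri))


if __name__ == "__main__":
    # Constructed sample URIs, not taken from the advisory.
    for sample in ("/example?term=%2BADw-b%2BAD4-text",
                   "/example?term=foo+bar"):
        print(sample, "->", "reject" if should_reject(sample) else "pass")
```

Decoding each run before deciding keeps ordinary queries that use '+' as a space from being rejected, which a blanket ban on '+' would not.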
ORIGINAL ADVISORY:
http://sla.ckers.org/forum/read.php?3,3109