The Google Search Appliance contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application will process a remote XSLT style sheet specified in the proxystylesheet parameter. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Upgrade to the version specified by Google advisory GA-2005-08-m, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1015246
• Bugtraq ID: 15509
• Secunia Advisory ID: 17644
• CVE ID: 2005-3758 (see also: NVD)
• Related OSVDB ID: 20977 20978 20979 20981
• Metasploit ID: 20980
• VUPEN Advisory: ADV-2005-2500
• Other Advisory URL: http://metasploit.com/research/vulns/google_proxystylesheet/
• News Article: http://news.techwhack.com/2526/221129-google-fixes-security-flaws-in-google-mini/
  http://www.eweek.com/article2/0,1895,1891796,00.asp
  http://www.techworld.com/networking/news/index.cfm?NewsID=4840
  http://www.webpronews.com/insiderreports/searchinsider/wpn-49-20051122GoogleMiniNeededBigSecurityPatch.html

• H D Moore - hdmmetasploit.com - DigitalOffense