Intrusion Prevention

Google.Appliance.ProxyStyleSheet.Command.Execution

Description

This indicates a possible Cross-site scripting exploit targetting the Google Mini Search applicance.
The Google Mini Search Appliance, and possibly Google Search Appliance may allow remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.

Affected Products

Google Search Appliance and Google Mini Search Appliance.

Impact

Compromise of the system.

Recommended Actions

The vendor has released advisory GA-2005-08-m to address this issue, apply appropriate patch from the vendor.

CVE References

CVE-2005-3758