Maluc found a cross-site scripting vulnerability in
Google Search Appliance, a box that indexes documents from intranet and web sites. If you set the output encoding to UTF-7, the appliance doesn't validate the query and you can pass JavaScript.
Here's one example for Stanford's site that uses Google Search Appliance:
stanford.edu.
No comments:
Post a Comment