CVE-2014-0362

Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
googlesearch_appliance_software
7.0 ≤
𝑥
< 7.0.14.g.216
googlesearch_appliance_software
7.2 ≤
𝑥
< 7.2.0.g.114
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/673313
http://www.securityfocus.com/bid/67176
http://www.kb.cert.org/vuls/id/673313
http://www.securityfocus.com/bid/67176