Google Search Appliance (GSA) devices contain a cross-site scripting (XSS) vulnerability when dynamic navigation is enabled.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.
Apply an update
Disable dynamic navigation
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
|Date First Published:||2014-05-01|
|Date Last Updated:||2014-05-01 18:23 UTC|