Lucene search
CertccCVE-2014-0362HistoryMay 08, 2014 - 10:55 a.m.
CVE-2014-0362
2014-05-0810:55:03
CWE-79
certcc
web.nvd.nist.gov
26
cve-2014-0362
cross-site scripting
xss
google search appliance
gsa
security vulnerability
dynamic navigation
remote code injection
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
30.1%
Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element.
Affected configurations
Node
googlesearch_appliance_softwareRange7.0–7.0.14.g.216
ORgooglesearch_appliance_softwareRange7.2–7.2.0.g.114
| Vendor | Product | Version | CPE |
|---|---|---|---|
| search_appliance_software | * | cpe:2.3:a:google:search_appliance_software:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2014-0362
2014-05-08 10:55:03
cert
cert
prion
prion
Cross site scripting
2014-05-08 10:55:00
cvelist
cvelist
CVE-2014-0362
2014-05-08 10:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.001
Percentile
30.1%
Related for CVE-2014-0362