Google search box opens up XSS vulnerability

Couldn’t think of a sarcastic title for this post, and I don’t think it makes a heck of a lot of difference anyway – it’s just news, and not much to worry about. The Google Search Appliance, that box companies throw on the rack to help them weed through data on their own networks, opens up a cross-site scripting vulnerability that can allow phishers to promote their own scams.

Google has already issued a fix, and if the organizations using the system don’t want to pay attention, it becomes their problem alone.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.