CVE-2007-3484

Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website.
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:custom_search_engine:*:*:*:*:*:*:*:*

History

03 Jul 2024, 01:35

Type Values Removed Values Added
CVSS v2 : 4.3
v3 : unknown
v2 : 4.3
v3 : 6.1

07 Nov 2023, 02:00

Type Values Removed Values Added
Summary ** DISPUTED ** Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website." Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website.

Information

Published : 2007-06-28 20:30

Updated : 2024-08-07 15:15


NVD link : CVE-2007-3484

Mitre link : CVE-2007-3484

CVE.ORG link : CVE-2007-3484


JSON object : View

Products Affected

google

  • custom_search_engine
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')