CVE

Id
26841  
CVE No.
CVE-2007-3484  
Status
Candidate  
Description
** DISPUTED ** Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the "search.php" script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website."  
Phase
Assigned (20070628)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
273852 26841 CVE-2007-3484 MISC:http://websecurity.com.ua/1050/  View
273853 26841 CVE-2007-3484 VIM:20070710 Vendor dispute - Google Custom Search Engine XSS (CVE-2007-3484)  View
273854 26841 CVE-2007-3484 URL:http://www.attrition.org/pipermail/vim/2007-July/001706.html  View
273855 26841 CVE-2007-3484 OSVDB:38038  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
53567 JVNDB-2007-002259 AltaVista の検索エンジンにおけるクロスサイトスクリプティングの脆弱性 AltaVista の検索エンジンには、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2007-3486 26841 4.3 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-002259.html  View