google search appliance xss

MustLive from WebSecurity.com.ua [Ukrainian] found a XSS vulnerability in Google Search Appliance, “an integrated hardware and software search appliance used by thousands of organizations to find and share information on corporate networks or websites” [Google Press Release, Sept. 2006], including the United Nations and MI5.

What does that mean? Well, it differs from site to site. Some sites may only be affected a little bit while important data (e.g. user info, password, etc…) of some other sites may end up in the wrong hands.

“Security is only there to keep the good guys good.” - Ronald van den Heetkamp

[via Ha.ckers.org]