Google AJAX Search: Cross-Site Scripting (XSS) Vulnerability

Users of Google AJAX Search please be advised of a Cross-Site Scripting vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Google-SA-11/10/2010: Vulnerability in Google AJAX Search
Affected products:
————————-

Potentially vulnerable are all sites and web applications which are using
Google AJAX Search. Particularly those ones which used AJAX Search before
25th of June, 2010, when Google agreed with me and changed documentation of
AJAX Search to prevent incorrect use of their application.

I want to warn you about Cross-Site Scripting vulnerability in Google AJAX
Search.

In 2007 I already wrote about vulnerability in Google Custom Search Engine
(http://websecurity.com.ua/1050/) – CVE-2007-3484
(http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3484), and this is
new vulnerability related to Google Custom Search Engine, because AJAX
Search is one variant of CSE.





Read more at http://www.criticalwatch.com

 

Advertisements