CVE-2014-0362: XSS
First published: Thu May 08 2014(Updated: )
Cross-site scripting (XSS) vulnerability on Google Search Appliance (GSA) devices before 7.0.14.G.216 and 7.2 before 7.2.0.G.114, when dynamic navigation is configured, allows remote attackers to inject arbitrary web script or HTML via input included in a SCRIPT element.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Search Appliance | >=7.0<7.0.14.g.216 | |
| Google Search Appliance | >=7.2<7.2.0.g.114 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2014-0362?
CVE-2014-0362 is classified as a medium severity vulnerability due to its potential for enabling cross-site scripting attacks.
How do I fix CVE-2014-0362?
To fix CVE-2014-0362, upgrade Google Search Appliance to version 7.0.14.G.216 or 7.2.0.G.114 or later.
What type of vulnerability is CVE-2014-0362?
CVE-2014-0362 is a cross-site scripting (XSS) vulnerability.
Which versions of Google Search Appliance are affected by CVE-2014-0362?
CVE-2014-0362 affects Google Search Appliance devices running versions prior to 7.0.14.G.216 and 7.2.0.G.114.
What can an attacker do exploiting CVE-2014-0362?
An attacker exploiting CVE-2014-0362 can inject arbitrary web scripts or HTML into affected Google Search Appliance configurations.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/google
- canonical/google search appliance
- version/google search appliance/7.0
- version/google search appliance/7.2