CVE-2005-3758
published 2005-11-22CVE-2005-3758: Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary…
PriorityP421medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
19.11%
97.0th percentile
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jhj4-7hpf-cgpg: Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbi
ghsa_unreviewed·2022-05-01
CVE-2005-3758 [MEDIUM] GHSA-jhj4-7hpf-cgpg: Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbi
Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet.
Red Hat
php: extract() can overwrite $GLOBALS and $this when using EXTR_OVERWRITE
vendor_redhat·2010-12-08·CVSS 7.5
CVE-2011-0752 [HIGH] php: extract() can overwrite $GLOBALS and $this when using EXTR_OVERWRITE
php: extract() can overwrite $GLOBALS and $this when using EXTR_OVERWRITE
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.
Statement: We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed.
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 3, 4, or 5 (php). This issue was addressed in the php53 packages as shipped in Red Hat Enterprise Linux 5 before t
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://metasploit.com/research/vulns/google_proxystylesheet/http://secunia.com/advisories/17644http://securitytracker.com/id?1015246http://www.osvdb.org/20980http://www.securityfocus.com/archive/1/417310/30/0/threadedhttp://www.securityfocus.com/bid/15509http://www.vupen.com/english/advisories/2005/2500http://metasploit.com/research/vulns/google_proxystylesheet/http://secunia.com/advisories/17644http://securitytracker.com/id?1015246http://www.osvdb.org/20980http://www.securityfocus.com/archive/1/417310/30/0/threadedhttp://www.securityfocus.com/bid/15509http://www.vupen.com/english/advisories/2005/2500
2005-11-22
Published