Google Search アプライアンスにクロスサイトスクリプティングの脆弱性が新たに発見されたそうです。

$30,000 and vulnerabilities to boot! Google’s search appliance appears to be vulnerable to another XSS vulnerability, according to Mustlive’s disclosure. It comes complete with a Google dork. Not good. Mustlive has contacted Google, who to my knowledge has not let their customers know that they are vulnerable - if I’m wrong, someone please correct me.

実証サイト

• gsa.icann.org
• search.york.ac.uk