{"vuid":"VU#673313","idnumber":"673313","name":"Google Search Appliance dynamic navigation cross-site scripting vulnerability","keywords":["Google","GSA","XSS","cross-site scripting"],"overview":"Google Search Appliance (GSA) devices contain a cross-site scripting (XSS) vulnerability when dynamic navigation is enabled.","clean_desc":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Google Search Appliance versions earlier than 7.2.0.G.114 and 7.0.14.G.216 fail to properly sanitize user input that is reflected directly into a JavaScript <script> block if the dynamic navigation feature is enabled. This allows an attacker to perform a reflected XSS attack.","impact":"A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.","resolution":"Apply an update This issue is resolved in GSA versions 7.2.0.G.114 and 7.0.14.G.216. These updates are available in the Google Enterprise Support Portal.","workarounds":"Disable dynamic navigation This vulnerability can be mitigated by disabling the dynamic navigation feature in the GSA.","sysaffected":"","thanks":"This vulnerability was reported by Will Dormann of the CERT/CC.","author":"This document was written by Will Dormann.","public":["http://www.google.com/support/enterprise/static/gsa/docs/admin/72/admin_console_help/serve_dynamic_navigation.html","http://www.google.com/support/enterprise/static/gsa/docs/admin/72/admin_console_help/serve_dynamic_navigation.html#enabledn"],"cveids":["CVE-2014-0362"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-03-19T18:39:26Z","publicdate":"2014-05-01T00:00:00Z","datefirstpublished":"2014-05-01T13:31:32Z","dateupdated":"2014-05-01T18:23:08Z","revision":23,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.3","cvss_basevector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","cvss_temporalscore":"3.4","cvss_environmentalscore":"3.36386816136","cvss_environmentalvector":"CDP:ND/TD:H/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}