Vendor: Google Desktop Search
By: Unknown
CVSS: 7.5 (HIGH)
Vulnerability: Cross-Site Scripting
CWE: 79
Product Name: Google Desktop Search
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES (Assumed)
Related CWE: Not mentioned
CPE: a:google:desktop_search
Metasploit:
Other Scripts:
Platforms Tested: Windows

Cross-Site Scripting Vulnerability in Google Desktop Search

The Google Desktop Search application fails to properly sanitize HTML tag content, allowing an attacker to execute arbitrary client-side script code in a user's browser. This can lead to theft of authentication credentials and other malicious activities.

Mitigation:

Update to the latest version of Google Desktop Search that includes a fix for this vulnerability. Be cautious while visiting untrusted websites.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11541/info

Google Desktop Search is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize HTML tag content.

An attacker may leverage this issue to execute arbitrary client-side script code in an unsuspecting user's browser, facilitating theft of cookie-based authentication credentials and other attacks.

In the following URI the '<targetWebSite>' must be replaced with an arbitrary Web site:
http://<targetWebSite>/search?q=txt&meta="><script>alert("BUG")</script><a = "
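The `">` prefix in the `meta` value above is what closes a double-quoted HTML attribute. The following is an added example, not code from Google Desktop Search or from the original advisory: it shows the unencoded and encoded forms of such a reflection and a parser-based check a defender can use as a regression test. The `<input>` template and all function names are assumptions made for illustration; the page does not show the product's real markup.

```python
from html import escape
from html.parser import HTMLParser

# Value of the `meta` query parameter, copied from the URI on this page.
PAYLOAD = '"><script>alert("BUG")</script><a = "'


def render_unsafe(meta: str) -> str:
    """Vulnerable pattern: request data concatenated into a quoted attribute."""
    # Hypothetical template; the real product markup is not on the page.
    return '<input name="meta" value="' + meta + '">'


def render_safe(meta: str) -> str:
    """Hardened pattern: encode &, <, > and both quote characters first."""
    return '<input name="meta" value="' + escape(meta, quote=True) + '">'


class TagCollector(HTMLParser):
    """Records the elements and attributes an HTML parser sees in a fragment."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.attrs = {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.setdefault(tag, dict(attrs))


def parse(fragment: str) -> TagCollector:
    collector = TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector


def injects_script(fragment: str) -> bool:
    """Regression check: did the reflected value create a <script> element?"""
    return "script" in parse(fragment).tags


if __name__ == "__main__":
    for name, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        html = render(PAYLOAD)
        print(f"{name:6} script element: {injects_script(html)}  {html}")
```

With encoding applied, the parser sees a single `input` element whose `value` attribute decodes back to the original string, so the data is preserved but never leaves the attribute context.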