vendor:
Google Desktop Search
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Google Desktop Search
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES (Assumed)
Related CWE: Not mentioned
CPE: a:google:desktop_search
Platforms Tested: Windows
Unknown
Cross-Site Scripting Vulnerability in Google Desktop Search
The Google Desktop Search application fails to properly sanitize HTML tag content, allowing an attacker to execute arbitrary client-side script code in a user's browser. This can lead to theft of authentication credentials and other malicious activities.
Mitigation:
Update to the latest version of Google Desktop Search that includes a fix for this vulnerability. Be cautious while visiting untrusted websites.