Google Mini XSS vulnerability

September 27, 2007 in Google Mini | Comments (0)

The MID series Google Minis have a cross-site scripting vulnerability, Google Enterprise has just released a patch for it in the support area (you’ll need your support login and password to get to it.)

If you’re not sure what age Mini you have, there’s a test code on that page you can use to check your Mini. The MID series have ‘MID’ in their user agent when spidering, which might also help you check.

The M2 series, which has been on sale since last summer, and the Google Search Appliance, are not vulnerable to the problem.

If your Mini is public facing, you should patch it straight away. If you only use the XML feed and show results through other code, it’s up to you whether you patch it or not, you’re less at risk of someone using it for nefarious means.

Comments (0)

RSS feed for comments on this post. TrackBack URL

Leave a comment