[VIM] Vendor dispute - Google Custom Search Engine XSS (CVE-2007-3484)
Steven M. Christey
coley at linus.mitre.org
Tue Jul 10 18:03:46 UTC 2007
Dispute from the Google security team. Apparently the original researcher
found an issue in a modified site. Not sure if other VDBs picked it up.

Date: Fri, 6 Jul 2007 15:28:34 -0700
To: cve at mitre.org, coley at rcf-smtp.mitre.org
Subject: Followup to CVE-2007-3484

The Google security team discovered the CVE candidate CVE-2007-3484
and would like to submit the following vendor response.
"This is not a bug in the Google Custom Search Engine
(http://google.com/coop/cse/) product, as Google does not provide the
"search.php" script referenced. When a user creates a custom search
further customize their website. The three examples provided at
websecurity.com.ua/1050/ are three independent XSS vulnerabilities in
their own respective sites and are not related to Google.

Google is an ardent believer in responsible disclosure, as it helps
protect users from exploitation of security flaws. If you find an issue
with a Google product, please notify us at security at google.com. We
appreciate the efforts of security researchers who have responsibly
disclosed issues in our software; we are happy to thank contributors on
security at google.com