Google Desktop Advanced Search Internal Web Server XSS
High Nessus Plugin ID 24710
SynopsisThe remote host has an application installed that is vulnerable to a local cross-site scripting attack.
DescriptionThe version of Google Desktop installed on the remote host is affected by a cross-site scripting flaw because it fails to properly encode the output for the 'under' keyword. This issue cannot be directly exploited remotely; however, when used in conjunction with a known Google.com cross-site scripting vulnerability to extract the unique signature associated with Google Desktop software, it might allow an attacker to query a victim's system for sensitive information.
SolutionGoogle Desktop automatically updates itself when a new version of the software is available. However, in some cases it may not be able to update itself due to network connectivity issues. Please ensure that Google Desktop version 5.0.0701.30540 or later is installed.