Unrated severityNVD Advisory· Published Nov 22, 2005· Updated Apr 16, 2026

CVE-2005-3757

Description

The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.

Affected products

Google/Mini Search Appliance
cpe:2.3:h:google:mini_search_appliance:*:*:*:*:*:*:*:*
Google/Search Appliance
cpe:2.3:h:google:search_appliance:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

metasploit.com/research/vulns/google_proxystylesheet/nvdExploitPatchVendor Advisory
securitytracker.com/idnvdExploitPatchVendor Advisory
www.osvdb.org/20981nvdExploitPatch
www.securityfocus.com/bid/15509nvdExploitPatch
secunia.com/advisories/17644nvdVendor Advisory
www.securityfocus.com/archive/1/417310/30/0/threadednvd
www.vupen.com/english/advisories/2005/2500nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.061
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000