CVE-2005-3866
Description
Cross-site scripting in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML/script via the REQ parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
SearchFeed Search Engine versions 1.3.2 and earlier contain a reflected cross-site scripting vulnerability in the search functionality. User-supplied input to the REQ parameter is not sanitized before being included in the response page, allowing an attacker to inject arbitrary HTML or JavaScript code. The exact vulnerable endpoint is not specified in the available references [1], but the flaw occurs when performing a search and the REQ parameter is reflected back to the user.
Exploitation
An attacker exploits this vulnerability by constructing a URL whose REQ parameter carries HTML or script and delivering it to a victim, either by tricking the victim into clicking the link or by placing the link in content on another site. No authentication or special network position is required because the search function is typically public-facing [1]. The injected code executes in the victim's browser in the context of the vulnerable site; no additional privileges are needed.
Impact
Successful exploitation allows arbitrary HTML and script execution in the victim's browser within the security context of the SearchFeed domain. This can lead to session hijacking, credential theft, or defacement, depending on the attacker's payload. The impact is limited to the user's browser session and the site's application permissions.
Mitigation
No official patch has been identified in the available references [1]. Users of SearchFeed Search Engine 1.3.2 and earlier should consider disabling the search component or upgrading to a fixed version if one becomes available. As of the vulnerability report date, no workaround is provided, and the product may be end-of-life. Monitor vendor channels for updates [1].
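The flaw described above is a reflection problem: whatever arrives in REQ is copied into the response unchanged. The following added example (not SearchFeed's code; the handler, the `/search.cgi` path and the access-log lines are constructed for illustration, and only the parameter name REQ is taken from the CVE text) shows the unsafe reflection beside the hardened form that escapes the value for both element text and attribute context, plus a small log-triage helper a defender could use to spot markup characters arriving in REQ.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Hypothetical minimal search-page renderer, constructed for this example.
# It is not SearchFeed's code; only the parameter name REQ comes from the CVE.


def get_req(query_string: str) -> str:
    """Extract the REQ parameter (percent-decoded) from a raw query string."""
    return parse_qs(query_string, keep_blank_values=True).get("REQ", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """The pattern the CVE describes: REQ is echoed into the HTML unchanged."""
    req = get_req(query_string)
    return f'<p>Results for: {req}</p>\n<input name="REQ" value="{req}">'


def render_fixed(query_string: str) -> str:
    """Hardened form: escape before reflection so < > & " ' cannot form markup."""
    req = get_req(query_string)
    safe = html.escape(req, quote=True)  # quote=True also covers attribute context
    return f'<p>Results for: {safe}</p>\n<input name="REQ" value="{safe}">'


def reflected_unescaped(page: str, raw_value: str) -> bool:
    """True when a value containing markup characters appears verbatim in the output."""
    has_markup = any(c in raw_value for c in '<>"\'')
    return has_markup and raw_value in page


# Access-log triage: flag requests whose REQ parameter carries angle brackets.
# Log format is a constructed, common-log-style line.
LOG_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+"')


def flag_markup_in_req(log_lines):
    """Return the decoded REQ values that contain '<' or '>' in the given log lines."""
    flagged = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group("path")).query
        req = get_req(query)
        if any(c in req for c in "<>"):
            flagged.append(req)
    return flagged


# Constructed sample log lines (addresses from the documentation range 203.0.113.0/24).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Nov/2005:10:01:02 +0000] "GET /search.cgi?REQ=firewall HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Nov/2005:10:01:09 +0000] "GET /search.cgi?REQ=%3Cb%3Ehello%3C%2Fb%3E HTTP/1.1" 200 540',
]

if __name__ == "__main__":
    probe = "REQ=%3Cb%3Ehello%3C%2Fb%3E"  # constructed: a harmless <b> tag
    print(render_vulnerable(probe))  # the tag survives into the page
    print(render_fixed(probe))       # the tag is rendered as literal text
    print(flag_markup_in_req(SAMPLE_LOG))
```

The escaping in `render_fixed` is the single change that closes the reflection path; it belongs at the point of output, not at input, because the same value may later be placed in different contexts. The log helper is coarse by design: a `<` in a search term is not proof of an attack, but on a site running an unpatched version it is the cheapest signal to review.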
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:wwwsearchsolutions:searchfeed_search_engine:*:*:*:*:*:*:*:*
  - Range: <=1.3.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.