The Google Search Appliance allows customization of the search interface through XSLT style sheets. Certain versions of the appliance allow a remote URL to be supplied as the path to the XSLT style sheet. This feature can be abused to perform cross-site scripting (XSS), file discovery, service enumeration, and arbitrary command execution.
37203d5c09bcf28fbbeab1859e32e21af017fb6069bd81867fadf9f42db4c6f1