The Google Search Appliance and Google Mini are normally used by organizations including banks and other universities to add search features to Web sites. A flaw in the way the systems handle few characters could makes it possible to craft a Web link, which looks like it points to a trusted site, but when clicked serves up content from a third, mostly wicked site.
“This vulnerability affects a lot of large Web sites,” John Herron, a security expert who actually maintains the NIST.org site, said in an e-mail. “It basically allows an effective disfigurement of a Web site when following a malicious link.