
Google is one of the companies that has never had a problem with vulnerabilities, bugs or security flaws. It seems that the Google Search Appliance is affected by a flaw that will add a phishing hole to sites visited.
NIST.org posted a message on their site to explain the vulnerability and how it works: "What do several Banks, Credit Unions, Universities, countless business websites, dozens of government websites, and Google all have in common? A new Cross-Site Scripting (XSS) vulnerability. One that affects a lot of large websites, many that are ripe for phishing exploits," they started the announcement.
"This vulnerability is in the Google Search Appliance. A self-contained little pizza box of a computer that is built from the ground up to be a search engine for a company's website or file server. According to Google, prices for this device start at less than $2,000 and it can be up and running in less than an hour.
The problem involves using UTF-7 character encoding to bypass special character input handling. Normally these special characters (eg; ) are either filtered out or explicitly handled as plain text so they aren't echoed back in the search results as HTML or JavaScript," they added.
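The filter gap described in the quote above, shown as an added example that is not part of the original article or the NIST.org post. It assumes a results page that a client can end up interpreting as UTF-7; the function names and the sample query are constructed for illustration, and the markup used is a harmless `<b>` tag.

```python
import html
import re
from typing import Optional

# Constructed sample: "<b>x</b>" written with UTF-7 shift sequences.
# +ADw- is "<" and +AD4- is ">", so no HTML special character appears literally.
SAMPLE_QUERY = "+ADw-b+AD4-x+ADw-/b+AD4-"

ALLOWED_CHARSETS = {"utf-8"}  # assumption: the site only ever serves UTF-8
UTF7_SHIFT = re.compile(r"\+[A-Za-z0-9+/]+-?")
HTML_SPECIALS = set("<>\"'&")


def naive_echo(query: str) -> str:
    """Escape HTML specials and echo the query, as a results page would."""
    return "You searched for: " + html.escape(query)


def as_seen_by_utf7_client(body: str) -> str:
    """What a client parses if it interprets the response bytes as UTF-7."""
    return body.encode("ascii").decode("utf-7")


def hides_html_specials(query: str) -> bool:
    """True if a UTF-7 shift sequence in the query decodes to an HTML special."""
    for match in UTF7_SHIFT.finditer(query):
        try:
            decoded = match.group(0).encode("ascii").decode("utf-7")
        except UnicodeDecodeError:
            continue  # not valid UTF-7, so nothing is hidden in it
        if HTML_SPECIALS & set(decoded):
            return True
    return False


def content_type_for(requested_charset: Optional[str]) -> str:
    """Pin the response charset; ignore any requested value not on the allowlist."""
    charset = (requested_charset or "").strip().lower()
    if charset not in ALLOWED_CHARSETS:
        charset = "utf-8"
    return f"text/html; charset={charset}"


if __name__ == "__main__":
    body = naive_echo(SAMPLE_QUERY)
    print(body)                               # escaping changed nothing
    print(as_seen_by_utf7_client(body))       # markup appears after decoding
    print(hides_html_specials(SAMPLE_QUERY))  # detection on the input side
    print(content_type_for("UTF-7"))          # mitigation on the output side
```

Declaring the charset explicitly on every response is the primary fix; the input-side check is useful for logging and alerting on attempts.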
Google hasn't yet released any official statement, but I hope the company will release a patch soon because it's obvious that security is the most important fact of the Internet.