
Until last week, Google was a company that never had problems with vulnerabilities or security flaws, especially because its products are based only on online content and need no installation. Last week, a security advisory was released saying that Google Search Appliance is affected by a flaw that can allow phishing exploits against a computer that uses the service.
Today, the same service is the target of another vulnerability that can enable some users to perform script-based attacks.
"maluc has reported a vulnerability in Google Mini Search Appliance and Google Search Appliance, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability is caused due to an error within the handling of UTF-7 encoded URIs.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site," security company Secunia said in a statement.
Although the company said the only affected products are Google Search Appliance and Google Mini Search Appliance, it recommends that users "filter malicious characters and character sequences in a proxy."
Although Secunia rates the flaw "less critical", the vulnerability exposes another weak spot in the giant's products, which were created to be safe and secure.
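
The proxy-side filtering Secunia recommends can be illustrated with a short check for UTF-7 shifted sequences that decode to HTML metacharacters. This is an added example, not code from Secunia or Google; the host name, the `q` parameter and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# A UTF-7 shifted block: '+', modified-base64 characters, optional closing '-'.
SHIFTED = re.compile(r"\+([A-Za-z0-9+/]+)-?")
# Characters that let a value break out into HTML or script context.
DANGEROUS = set("<>\"'&")


def percent_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%252B -> %2B -> +), bounded to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:
            break
        value = decoded
    return value


def utf7_findings(url):
    """Return (block, decoded) pairs for shifted blocks hiding HTML metacharacters."""
    parts = urlsplit(url)
    # unquote() rather than parse_qs(): parse_qs turns '+' into a space and
    # would destroy the shift character before it can be inspected.
    text = percent_decode(parts.path + "?" + parts.query)
    findings = []
    for match in SHIFTED.finditer(text):
        block = "+" + match.group(1) + "-"
        try:
            decoded = block.encode("ascii").decode("utf-7")
        except UnicodeDecodeError:
            continue  # not valid UTF-7, e.g. the '+' in q=hello+world
        if DANGEROUS & set(decoded):
            findings.append((match.group(0), decoded))
    return findings


def should_block(url):
    """Proxy decision: reject any request that carries a finding."""
    return bool(utf7_findings(url))


# Constructed sample requests (hypothetical host and parameter name).
SAMPLES = [
    "http://search.example/search?q=hello+world",
    "http://search.example/search?q=%2BADw-script%2BAD4-",
    "http://search.example/search?q=%252BADwAcwBjAHIAaQBwAHQAPg-",
]
```

Decoding each block before testing it keeps ordinary queries that use `+` as a space from being rejected, while the bounded percent-decoding loop catches double-encoded shift characters.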