Cross-Site Scripting Vulnerability in Google Toolbar 2.0.114.1
CVE-2004-2475

Currently unrated

Key Information:

Vendor: Google
Status: Toolbar
Vendor: CVE Published:; 31 December 2004

Summary

A cross-site scripting (XSS) vulnerability exists in Google Toolbar 2.0.114.1, which enables attackers to inject arbitrary scripts through the 'about.html' page in the About section. Though there have been discussions on whether the payload of the attack does cross privilege boundaries due to the restrictions associated with the 'res://' protocol, the potential for script injection represents a significant concern for user security. This vulnerability highlights the importance of rigorous security measures in web applications to prevent script-based attacks.

References

http://securitytracker.com/id?1011351

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/11210

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/17435

vdb-entryx_refsource_XF

Timeline

Vulnerability Reserved
Aug 20, 2005
Vulnerability published
Dec 31, 2004