CVE-2004-2475

Currently unrated

Key Information:

Vendor: Google
Status: Toolbar
Vendor: CVE Published:; 31 December 2004

Summary

Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.

References

http://securitytracker.com/id?1011351

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/11210

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/17435

vdb-entryx_refsource_XF

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Aug 20, 2005
Vulnerability published
Dec 31, 2004

Collectors

NVD DatabaseMitre Database