FKIE_CVE-2004-2475

Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2004-09/0226.htmlExploit
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html
cve@mitre.orghttp://securitytracker.com/id?1011351Exploit
cve@mitre.orghttp://www.osvdb.org/10037
cve@mitre.orghttp://www.securityfocus.com/bid/11210Exploit
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17435
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2004-09/0226.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1011351Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/10037
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11210Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17435
Impacted products
Vendor Product Version
google toolbar 1.1.41
google toolbar 1.1.42
google toolbar 1.1.43
google toolbar 1.1.44
google toolbar 1.1.45
google toolbar 1.1.47
google toolbar 1.1.48
google toolbar 1.1.49
google toolbar 1.1.53
google toolbar 1.1.54
google toolbar 1.1.55
google toolbar 1.1.56
google toolbar 1.1.57
google toolbar 1.1.58
google toolbar 1.1.59
google toolbar 1.1.60
google toolbar 2.0.114.1
google toolbar 2.0.114.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B18B24-8E0C-41B3-9354-2506A05734A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "B41A4120-18F1-43B1-96B1-B97655671866",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.43:*:*:*:*:*:*:*",
              "matchCriteriaId": "64280CDE-BEB8-4A8D-A5B9-1F850ED002F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC8876EA-F6FD-4EE9-A63E-31610525CC74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "599A6B58-9915-4D72-A850-7A34EE85159F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "0708ABF8-989D-4879-90D9-93D4D237F270",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "C06A2E25-81C2-4645-A652-055A3E37F5FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D763CC4-8E6D-40B3-A663-DA7148F66CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B195D15-29BC-42B3-B931-696CC0527D2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAB91C2C-86DC-406C-89A1-2163B15F46E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "D29CB61F-61B1-4710-9E8C-7D97060C0F26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "614061C9-AE7A-46B5-BD53-75CD69F15C44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0D7E9-70F2-484B-8FA8-5B48052A46D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "0200C2A1-578F-45F2-B677-9091BC49EF93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "C630B01A-755E-4A80-BFF0-446415E87BE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:1.1.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5F7D4F8-C073-4115-806D-89973A4C2C4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:2.0.114.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B504D6-EE8A-4BEA-AC79-807ECB97E273",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:toolbar:2.0.114.1:*:big_en_ggld:*:*:*:*:*",
              "matchCriteriaId": "9B09625F-1DE4-4E2F-8B38-B8856C5731AD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section.  NOTE: some followup posts suggest that the demonstration code\u0027s use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability."
    }
  ],
  "id": "CVE-2004-2475",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0226.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1011351"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/10037"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/11210"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2004-09/0226.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://securitytracker.com/id?1011351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/10037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/11210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17435"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.