CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-2475

Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 73.9%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2004-2475

Google » Toolbar » Version: 1.1.41

cpe:2.3:a:google:toolbar:1.1.41
Google » Toolbar » Version: 1.1.42

cpe:2.3:a:google:toolbar:1.1.42
Google » Toolbar » Version: 1.1.43

cpe:2.3:a:google:toolbar:1.1.43
Google » Toolbar » Version: 1.1.44

cpe:2.3:a:google:toolbar:1.1.44
Google » Toolbar » Version: 1.1.45

cpe:2.3:a:google:toolbar:1.1.45
Google » Toolbar » Version: 1.1.47

cpe:2.3:a:google:toolbar:1.1.47
Google » Toolbar » Version: 1.1.48

cpe:2.3:a:google:toolbar:1.1.48
Google » Toolbar » Version: 1.1.49

cpe:2.3:a:google:toolbar:1.1.49
Google » Toolbar » Version: 1.1.53

cpe:2.3:a:google:toolbar:1.1.53
Google » Toolbar » Version: 1.1.54

cpe:2.3:a:google:toolbar:1.1.54
Google » Toolbar » Version: 1.1.55

cpe:2.3:a:google:toolbar:1.1.55
Google » Toolbar » Version: 1.1.56

cpe:2.3:a:google:toolbar:1.1.56
Google » Toolbar » Version: 1.1.57

cpe:2.3:a:google:toolbar:1.1.57
Google » Toolbar » Version: 1.1.58

cpe:2.3:a:google:toolbar:1.1.58
Google » Toolbar » Version: 1.1.59

cpe:2.3:a:google:toolbar:1.1.59
Google » Toolbar » Version: 1.1.60

cpe:2.3:a:google:toolbar:1.1.60
Google » Toolbar » Version: 2.0.114.1

cpe:2.3:a:google:toolbar:2.0.114.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2004-2475

Products

Pricing

Contact Us