Vulnerability Details CVE-2007-6640
Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.6%
CVSS Severity
CVSS v2 Score 6.4
References
- http://8-p.info/greasekit/vuln/20071226-en.html
- http://osvdb.org/42819
- http://secunia.com/advisories/28241
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39272
- http://8-p.info/greasekit/vuln/20071226-en.html
- http://osvdb.org/42819
- http://secunia.com/advisories/28241
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39272
Products affected by CVE-2007-6640
-
cpe:2.3:a:sourceforge:creammonkey:0.9
-
cpe:2.3:a:sourceforge:creammonkey:1.0
-
cpe:2.3:a:sourceforge:creammonkey:1.1
-
cpe:2.3:a:sourceforge:greasekit:1.2
-
cpe:2.3:a:sourceforge:greasekit:1.3