← Volver a CVEs
CVE-2007-6640
N/ADescripcion
Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado1/4/2008
Ultima modificacion4/23/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
sourceforge:creammonkeysourceforge:greasekit
Debilidades (CWE)
CWE-264
Referencias
http://8-p.info/greasekit/vuln/20071226-en.html(cve@mitre.org)
http://osvdb.org/42819(cve@mitre.org)
http://secunia.com/advisories/28241(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39272(cve@mitre.org)
http://8-p.info/greasekit/vuln/20071226-en.html(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/42819(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28241(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39272(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.