← Zuruck zu CVEs
CVE-2007-6640
N/ABeschreibung
Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht1/4/2008
Zuletzt geandert4/23/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
sourceforge:creammonkeysourceforge:greasekit
Schwachen (CWE)
CWE-264
Referenzen
http://8-p.info/greasekit/vuln/20071226-en.html(cve@mitre.org)
http://osvdb.org/42819(cve@mitre.org)
http://secunia.com/advisories/28241(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39272(cve@mitre.org)
http://8-p.info/greasekit/vuln/20071226-en.html(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/42819(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28241(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39272(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.