← Voltar para CVEs
CVE-2007-6640
N/ADescricao
Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado1/4/2008
Ultima modificacao4/23/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
sourceforge:creammonkeysourceforge:greasekit
Fraquezas (CWE)
CWE-264
Referencias
http://8-p.info/greasekit/vuln/20071226-en.html(cve@mitre.org)
http://osvdb.org/42819(cve@mitre.org)
http://secunia.com/advisories/28241(cve@mitre.org)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39272(cve@mitre.org)
http://8-p.info/greasekit/vuln/20071226-en.html(af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/42819(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28241(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39272(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.