5.9 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.03 Low
EPSS
Percentile
90.8%
Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code’s use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.
archives.neohapsis.com/archives/bugtraq/2004-09/0226.html
archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html
archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html
securitytracker.com/id?1011351
www.osvdb.org/10037
www.securityfocus.com/bid/11210
exchange.xforce.ibmcloud.com/vulnerabilities/17435