CVE-2004-2475

Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-2475
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
google / toolbar	2.0.114.1	2.0.114.1.x
google / toolbar	1.1.41	1.1.41.x
google / toolbar	1.1.58	1.1.58.x
google / toolbar	1.1.44	1.1.44.x
google / toolbar	1.1.42	1.1.42.x
google / toolbar	1.1.49	1.1.49.x
google / toolbar	1.1.55	1.1.55.x
google / toolbar	1.1.48	1.1.48.x
google / toolbar	1.1.57	1.1.57.x
google / toolbar	1.1.47	1.1.47.x
google / toolbar	1.1.43	1.1.43.x
google / toolbar	1.1.60	1.1.60.x
google / toolbar	1.1.54	1.1.54.x
google / toolbar	1.1.53	1.1.53.x
google / toolbar	1.1.56	1.1.56.x
google / toolbar	1.1.59	1.1.59.x
google / toolbar	1.1.45	1.1.45.x

Vulnerability Database

289,697

CVE-2004-2475