7.6
CVE-2007-1085
- EPSS 10.76%
- Veröffentlicht 23.02.2007 03:28:00
- Zuletzt bearbeitet 16.06.2026 22:36:55
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.76% | 0.953 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 4.9 | 10 |
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
http://osvdb.org/33483
http://securityreason.com/securityalert/2301
http://www.kb.cert.org/vuls/id/615857
http://www.securityfocus.com/archive/1/460735/100/0/threaded
http://www.securityfocus.com/archive/1/460928/100/0/threaded
http://www.securityfocus.com/bid/22650
http://www.securitytracker.com/id?1017686
http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf