6.4

CVE-2007-6640

EPSS 0.29%
Published 04.01.2008 01:46:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Sourceforge ≫ Creammonkey Version0.9

Sourceforge ≫ Creammonkey Version1.0

Sourceforge ≫ Creammonkey Version1.1

Sourceforge ≫ Greasekit Version1.2

Sourceforge ≫ Greasekit Version1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.29%	0.49

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://8-p.info/greasekit/vuln/20071226-en.html

http://osvdb.org/42819

http://secunia.com/advisories/28241

https://exchange.xforce.ibmcloud.com/vulnerabilities/39272

https://nvd.nist.gov/vuln/detail/CVE-2007-6640

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6640

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6640

EUVD