6.4

CVE-2007-6640

EPSS 0.29%
Veröffentlicht 04.01.2008 01:46:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sourceforge ≫ Creammonkey Version0.9

Sourceforge ≫ Creammonkey Version1.0

Sourceforge ≫ Creammonkey Version1.1

Sourceforge ≫ Greasekit Version1.2

Sourceforge ≫ Greasekit Version1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.49

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://8-p.info/greasekit/vuln/20071226-en.html

http://osvdb.org/42819

http://secunia.com/advisories/28241

https://exchange.xforce.ibmcloud.com/vulnerabilities/39272

https://nvd.nist.gov/vuln/detail/CVE-2007-6640

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-6640

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-6640

EUVD