Description
Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by ViperSV · textremotewindows
https://www.exploit-db.com/exploits/24607
References (7)
Core 7
Core References
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1011351
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11210
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17435
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.html
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-09/0226.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/10037
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.html
Scores
EPSS
0.0086
EPSS Percentile
75.1%
Details
Status
published
Products (17)
google/toolbar
1.1.41
google/toolbar
1.1.42
google/toolbar
1.1.43
google/toolbar
1.1.44
google/toolbar
1.1.45
google/toolbar
1.1.47
google/toolbar
1.1.48
google/toolbar
1.1.49
google/toolbar
1.1.53
google/toolbar
1.1.54
... and 7 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026