Vulnerability Description
Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 do not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sourceforge | Creammonkey | 0.9 |
| Sourceforge | Greasekit | 1.2 |
Related Weaknesses (CWE)
References
- http://8-p.info/greasekit/vuln/20071226-en.html
- http://osvdb.org/42819
- http://secunia.com/advisories/28241
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39272
FAQ
What is CVE-2007-6640?
CVE-2007-6640 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 do not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or...
How severe is CVE-2007-6640?
CVE-2007-6640 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-6640?
Check the references section above for vendor advisories and patch information. Affected products include: Sourceforge Creammonkey, Sourceforge Greasekit.