CVE-2007-6640

Summary

CVE	CVE-2007-6640
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-01-04 01:46:00 UTC
Updated	2017-08-08 01:29:00 UTC
Description	Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.

Risk And Classification

Problem Types: CWE-264

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Sourceforge	Creammonkey	0.9	All	All	All
Application	Sourceforge	Creammonkey	1.0	All	All	All
Application	Sourceforge	Creammonkey	1.1	All	All	All
Application	Sourceforge	Creammonkey	0.9	All	All	All
Application	Sourceforge	Creammonkey	1.0	All	All	All
Application	Sourceforge	Creammonkey	1.1	All	All	All
Application	Sourceforge	Greasekit	1.2	All	All	All
Application	Sourceforge	Greasekit	1.3	All	All	All
Application	Sourceforge	Greasekit	1.2	All	All	All
Application	Sourceforge	Greasekit	1.3	All	All	All

References

Reference	Source	Link	Tags
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
GreaseKit / Creammonkey GM API Vulnerability - Advisories - Secunia	SECUNIA	secunia.com
GreaseKit (and Creammonkey) GM APIs Vulnerability	CONFIRM	8-p.info
42819	OSVDB	osvdb.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.