VYPR
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026

CVE-2004-2475

CVE-2004-2475

Description

Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

19
  • Google/Toolbar19 versions
    cpe:2.3:a:google:toolbar:1.1.41:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:google:toolbar:1.1.41:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.42:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.43:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.44:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.45:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.47:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.48:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.49:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.53:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.54:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.55:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.56:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.57:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.58:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.59:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:1.1.60:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:2.0.114.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:toolbar:2.0.114.1:*:big_en_ggld:*:*:*:*:*
    • (no CPE)range: = 2.0.114.1

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.