Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026
CVE-2004-2475
CVE-2004-2475
Description
Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.
Affected products
18cpe:2.3:a:google:toolbar:1.1.41:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:google:toolbar:1.1.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.53:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.55:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.58:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:1.1.60:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:2.0.114.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:toolbar:2.0.114.1:*:big_en_ggld:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- archives.neohapsis.com/archives/bugtraq/2004-09/0226.htmlnvdExploit
- securitytracker.com/idnvdExploit
- www.securityfocus.com/bid/11210nvdExploit
- archives.neohapsis.com/archives/fulldisclosure/2004-09/0629.htmlnvd
- archives.neohapsis.com/archives/fulldisclosure/2004-09/0639.htmlnvd
- www.osvdb.org/10037nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/17435nvd
News mentions
0No linked articles in our index yet.