Unrated severityNVD Advisory· Published Jan 4, 2008· Updated Apr 23, 2026

CVE-2007-6640

Description

Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not properly prevent access to dangerous functions, which allows remote attackers to read the configuration, modify the configuration, or send an HTTP request via the (1) GM_addStyle, (2) GM_log, (3) GM_openInTab, (4) GM_setValue, (5) GM_getValue, or (6) GM_xmlhttpRequest function within a web page on which a userscript is configured.

Affected products

Sourceforge/Creammonkey3 versions
cpe:2.3:a:sourceforge:creammonkey:0.9:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:sourceforge:creammonkey:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:creammonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:creammonkey:1.1:*:*:*:*:*:*:*
Sourceforge/Greasekit2 versions
cpe:2.3:a:sourceforge:greasekit:1.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sourceforge:greasekit:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:sourceforge:greasekit:1.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000