Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.
Max CVSS
4.3
EPSS Score
3.01%
Published
2004-12-31
Updated
2017-07-11
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
Max CVSS
5.0
EPSS Score
0.21%
Published
2003-04-11
Updated
2017-10-10
The Google toolbar 1.1.58 and earlier allows remote web sites to perform unauthorized toolbar operations including script execution and file reading in other zones such as "My Computer" by opening a window to tools.google.com or the res: protocol, then using script to modify the window's location to the toolbar's configuration URL, which bypasses the origin verification check.
Max CVSS
7.5
EPSS Score
0.29%
Published
2003-04-11
Updated
2008-09-05
3 vulnerabilities found