Google Desktop cross-site scripting vulnerability


Google Desktop contains a cross-site scripting vulnerability.

Google Desktop, software for searching information on local computers, contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products

  • Google Desktop 5.1.706.29690 and earlier


An arbitrary script could be executed on the web browser of a user who uses Google Desktop.

According to the vendor, this vulnerability has been fixed in Google Desktop 5.1.706.29690 released on July 4, 2007 and later versions. Although Google Desktop has an automatic update feature, check the version information of Google Desktop you are using. If your version is earlier than Google Desktop 5.1.706.29690, update to the latest version as soon as possible.
Vendor Information

CWE (What is CWE?)

CVE (What is CVE?)


  1. JVN : JVN#79114735
Revision History

  • [2008/05/21]
      Web page published