Home > Vulnerability Database > CVE-2024-49378

Mend.io Vulnerability Database

CVE-2024-49378

Good to know:

Date: October 25, 2024

smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist.

Language: JS

Severity Score

6.1

Related Resources (4)

Url: https://securitylab.github.com/advisories/GHSL-2024-011_smartup/

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-49378

Url: https://github.com/zimocode/smartup/blob/2144ec161697751b1a6702f1af866726ea689e4e/js/background.js#L3800

Url: https://www.mend.io/vulnerability-database/CVE-2024-49378

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-49378

Good to know:

Date: October 25, 2024

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?