← back
CVE-2024-49378

smartUp Cross-site Scripting vulnerability

CVSS 5.8 MEDIUMEPSS 0.3%CWE-79
smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
Affected products
zimocode · smartup

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/zimocode/smartup/blob/2144ec161697751b1a6702f1af866726ea689e4e/js/background.js#L3800https://securitylab.github.com/advisories/GHSL-2024-011_smartup/