CVE-2024-49378

MEDIUM

smartUp 7.2.622.1170 - Universal Cross-Site Scripting

Title source: llm
STIX 2.1

Description

smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist.

Scores

CVSS v3 6.1
EPSS 0.0031
EPSS Percentile 22.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
zimocode/smartup <= 7.2.622.1170
Published Oct 25, 2024
Tracked Since Feb 18, 2026