Overview
- Description
- smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 5.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
- Severity
- MEDIUM
Weaknesses
- security-advisories@github.com
- CWE-79
Social media
- Hype score
- Not currently trending
GHSL-2024-011: Arbitrary code execution in Edge and Firefox via a universal Cross-Site Scripting (XSS) - CVE-2024-49378 https://t.co/X9ij6Ws1SI
@GHSecurityLab
25 Oct 2024
967 Impressions
1 Retweet
13 Likes
4 Bookmarks
0 Replies
2 Quotes
CVE-2024-49378 smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerabilit… https://t.co/5eZvC6nCv5
@CVEnew
25 Oct 2024
363 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes