NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-49378

Summary	smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist.
Publication Date	Oct. 25, 2024, 10:15 p.m.
Registration Date	Oct. 26, 2024, 5 a.m.
Last Update	Oct. 28, 2024, 10:58 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://securitylab.github.com/advisories/GHSL-2024-011_smartup/
2	https://github.com/zimocode/smartup/blob/2144ec161697751b1a6702f1af866726ea689e4e/js/background.js#L3800

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html