Medium severity6.1NVD Advisory· Published Oct 25, 2024· Updated Apr 15, 2026

CVE-2024-49378

Description

smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Zimocode/Smartupreferences2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 7.2.622.1170

Patches

Vulnerability mechanics

References

github.com/zimocode/smartup/blob/2144ec161697751b1a6702f1af866726ea689e4e/js/background.jsnvd
securitylab.github.com/advisories/GHSL-2024-011_smartup/nvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000