Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities found for smartup by zimocode

    CVE-2024-49378 (GCVE-0-2024-49378)

    Vulnerability from nvd – Published: 2024-10-25 12:55 – Updated: 2024-10-25 14:37
    VLAI
    Title
    smartUp Cross-site Scripting vulnerability
    Summary
    smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    zimocode smartup Affected: <= 7.2.622.1170
    Create a notification for this product.
    zimocode smartup Affected: 0 , ≤ 7.2.622.1170 (custom)
        cpe:2.3:a:zimocode:smartup:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:zimocode:smartup:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartup",
                "vendor": "zimocode",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.622.1170",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49378",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:29:52.879061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:37:25.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "smartup",
              "vendor": "zimocode",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 7.2.622.1170"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user\u2019s tab. As of time of publication, no known patches exist."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-25T12:55:50.145Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://securitylab.github.com/advisories/GHSL-2024-011_smartup/",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitylab.github.com/advisories/GHSL-2024-011_smartup/"
            },
            {
              "name": "https://github.com/zimocode/smartup/blob/2144ec161697751b1a6702f1af866726ea689e4e/js/background.js#L3800",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/zimocode/smartup/blob/2144ec161697751b1a6702f1af866726ea689e4e/js/background.js#L3800"
            }
          ],
          "source": {
            "advisory": "GHSA-9656-c575-pcgm",
            "discovery": "UNKNOWN"
          },
          "title": "smartUp Cross-site Scripting vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-49378",
        "datePublished": "2024-10-25T12:55:30.739Z",
        "dateReserved": "2024-10-14T13:56:34.812Z",
        "dateUpdated": "2024-10-25T14:37:25.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-49378 (GCVE-0-2024-49378)

    Vulnerability from cvelistv5 – Published: 2024-10-25 12:55 – Updated: 2024-10-25 14:37
    VLAI
    Title
    smartUp Cross-site Scripting vulnerability
    Summary
    smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user’s tab. As of time of publication, no known patches exist.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    zimocode smartup Affected: <= 7.2.622.1170
    Create a notification for this product.
    zimocode smartup Affected: 0 , ≤ 7.2.622.1170 (custom)
        cpe:2.3:a:zimocode:smartup:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:zimocode:smartup:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "smartup",
                "vendor": "zimocode",
                "versions": [
                  {
                    "lessThanOrEqual": "7.2.622.1170",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 6.1,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-49378",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-25T14:29:52.879061Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-25T14:37:25.046Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "smartup",
              "vendor": "zimocode",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c= 7.2.622.1170"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "smartUp, a web browser mouse gestures extension, has a universal cross-site scripting issue in the Edge and Firefox versions of smartUp 7.2.622.1170. The vulnerability allows another extension to execute arbitrary code in the context of the user\u2019s tab. As of time of publication, no known patches exist."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-10-25T12:55:50.145Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://securitylab.github.com/advisories/GHSL-2024-011_smartup/",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://securitylab.github.com/advisories/GHSL-2024-011_smartup/"
            },
            {
              "name": "https://github.com/zimocode/smartup/blob/2144ec161697751b1a6702f1af866726ea689e4e/js/background.js#L3800",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/zimocode/smartup/blob/2144ec161697751b1a6702f1af866726ea689e4e/js/background.js#L3800"
            }
          ],
          "source": {
            "advisory": "GHSA-9656-c575-pcgm",
            "discovery": "UNKNOWN"
          },
          "title": "smartUp Cross-site Scripting vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2024-49378",
        "datePublished": "2024-10-25T12:55:30.739Z",
        "dateReserved": "2024-10-14T13:56:34.812Z",
        "dateUpdated": "2024-10-25T14:37:25.046Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }