CVE-2022-24072 - AskarLabs CVE Database

CVE-2022-24072

Vendor Naver

Product NAVER Whale browser

Weakness CWE-269

Published March 17, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.

Key dates

02Disclosure timeline

March 17, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-24072 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

04Related CVE

CVE-2025-37101 HPE OneView for VMware vCenter (OV4VC), Local Elevation of Privilege CVE-2024-8100 On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision. CVE-2026-5193 Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.13 - Authenticated (Author+) Limited Privilege Escalation via register_user CVE-2021-42082 Local Privilege Escalation to root in OSNEXUS QuantaStor before 6.0.0.355 CVE-2025-0177 Javo Core <= 3.0.0.080 - Unauthenticated Privilege Escalation in ajax_signup