What is CVE-2024-32986?

CVE-2024-32986 is a critical-severity vulnerability in Filips123 Pwasforfirefox, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 9.7/10. Published 2024-05-03.

How severe is CVE-2024-32986?

Critical severity. CVSS v3 base score is 9.7 out of 10.

Vulnerability in Filips123 Pwasforfirefox

CVE-2024-32986

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines in…

EPSS: 0.001 (31.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.7 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H.

Affected products

Filips123 Pwasforfirefox — versions < 2.12.0

Weakness classification (CWE)

References

https://github.com/filips123/PWAsForFirefox/security/advisories/GHSA-jmhv-m7v5-g5jq (x_refsource_CONFIRM)
https://github.com/filips123/PWAsForFirefox/commit/9932d4b289631d447f88ace09a2fabafe4cd5bd5 (x_refsource_MISC)
https://github.com/filips123/PWAsForFirefox/releases/tag/v2.12.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-32986?: CVE-2024-32986 is a critical-severity vulnerability in Filips123 Pwasforfirefox, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 9.7/10. Published 2024-05-03.
How severe is CVE-2024-32986?: Critical severity. CVSS v3 base score is 9.7 out of 10.