Description
nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors.
References (1)
Core 1
Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/nwjs/nw.js/blob/nw11/CHANGELOG.md
Scores
CVSS v3
9.8
EPSS
0.0069
EPSS Percentile
71.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
nwjs/nw.js
< 0.11.4
Published
Oct 17, 2017
Tracked Since
Feb 18, 2026