Lucene search

CVE-2018-11101

🗓️ 17 May 2018 19:00:29Reported by mitreType

cve🔗 web.nvd.nist.gov👁 30 Views🌐 WEB

Open Whisper Signal (aka Signal-Desktop) v1.10.1 XSS vulnerability allows JavaScript execution via IMG and IFRAME element

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 13
The Hacker News	Another severe flaw in Signal desktop app lets hackers steal your chats in plaintext	16 May 201814:14	–	thn
Packet Storm	Signal Desktop HTML Tag Injection Variant 2	16 May 201800:00	–	packetstorm
Packet Storm	Signal Desktop HTML Injection	15 May 201800:00	–	packetstorm
Cvelist	CVE-2018-11101	17 May 201819:00	–	cvelist
Cvelist	CVE-2018-10994	14 May 201823:00	–	cvelist
NVD	CVE-2018-11101	17 May 201819:29	–	nvd
NVD	CVE-2018-10994	14 May 201823:29	–	nvd
OSV	CVE-2018-11101	17 May 201819:29	–	osv
OSV	CVE-2018-10994	14 May 201823:29	–	osv
Prion	Design/Logic Flaw	17 May 201819:29	–	prion

Nvd

Node

signal signal-desktopRange≤1.10.1

Source	Link
seclists	www.seclists.org/fulldisclosure/2018/May/46

Parameter	Position	Path	Description	CWE
p	query param	http://hacktheplanet/?p=%3Ciframe%20srcdoc="<p>PWONED!!</p>"%3E%3C/iframe%3E	XSS via iframe injection in a specially crafted message.	CWE-79
p	query param	http://hacktheplanet/?p=%3Cimg%20src="data:image/jpeg;base64,..."%3E	Image injection and execution bypassing click to download.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 May 2018 19:29Current

6Medium risk

Vulners AI Score6

CVSS24.3

CVSS36.1

EPSS0.00428

CWE-79