4 matches found
CVE-2022-29168
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...
CVE-2022-29168
CVE-2022-29168 describes an XSS in Wire via insufficient escaping when rendering @mentions in the wire-webapp. When a user views a malicious message, arbitrary HTML/JavaScript can be executed in the victim’s context, potentially taking over the user account. Wire-desktop clients connected to a vu...
CVE-2022-29168 Cross Site Scripting in Wire Messages
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...
CVE-2022-29168 Cross Site Scripting in Wire Messages
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...