Lucene search
K

42 matches found

Vulnrichment
Vulnrichment
added 2022/06/25 7:5 a.m.8 views

CVE-2022-29168 Cross Site Scripting in Wire Messages

Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...

9.6CVSS9.3AI score0.00777EPSS
Exploits0References1
OSV
OSV
added 2022/06/25 7:5 a.m.23 views

CVE-2022-29168 Cross Site Scripting in Wire Messages

Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering @mentions in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim...

9.6CVSS6.6AI score0.00777EPSS
Exploits0References3
NVD
NVD
added 2022/04/20 6:15 p.m.35 views

CVE-2022-24799

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

9.6CVSS0.00957EPSS
Exploits0References3
Prion
Prion
added 2022/04/20 6:15 p.m.15 views

Design/Logic Flaw

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

4.3CVSS6.3AI score0.00957EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/04/20 5:55 p.m.33 views

CVE-2022-24799 Cross Site Scripting in Wire Webapp

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

9.6CVSS7.1AI score0.00957EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/04/20 5:55 p.m.49 views

CVE-2022-24799 Cross Site Scripting in Wire Webapp

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

9.6CVSS9.4AI score0.00957EPSS
Exploits0References3
CVE
CVE
added 2022/04/20 5:55 p.m.91 views

CVE-2022-24799

CVE-2022-24799 describes a cross-site scripting vulnerability in Wire Webapp caused by insufficient escaping of markdown code highlighting, allowing execution of arbitrary HTML/JavaScript in the victim’s browser. Affected: wire-webapp and connected Wire desktop clients. Impact per description: at...

9.6CVSS6.7AI score0.00957EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/04/20 5:55 p.m.7 views

CVE-2022-24799 Cross Site Scripting in Wire Webapp

wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious...

9.6CVSS7AI score0.00957EPSS
Exploits0References3
NVD
NVD
added 2022/02/04 11:15 p.m.34 views

CVE-2022-23605

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...

4.4CVSS0.00307EPSS
Exploits0References2
Prion
Prion
added 2022/02/04 11:15 p.m.17 views

Design/Logic Flaw

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...

2.1CVSS3.8AI score0.00307EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/04 10:32 p.m.63 views

CVE-2022-23605

CVE-2022-23605 affects Wire Webapp: expired ephemeral messages were not reliably removed from local chat history and, in affected versions prior to 2022-01-27-production.0, ephemeral messages/assets could be accessible via the local search function. Viewing a message in chat view triggers deletio...

4.4CVSS3.7AI score0.00307EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/02/04 10:32 p.m.24 views

CVE-2022-23605 Expired Ephemeral Messages not reliably removed in wire-webapp

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...

4.4CVSS4.3AI score0.00307EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/02/04 10:32 p.m.6 views

CVE-2022-23605 Expired Ephemeral Messages not reliably removed in wire-webapp

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...

4.4CVSS4.6AI score0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/02/04 10:32 p.m.40 views

CVE-2022-23605 Expired Ephemeral Messages not reliably removed in wire-webapp

Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible...

4.4CVSS4.9AI score0.00307EPSS
Exploits0References2
NVD
NVD
added 2021/06/15 8:15 p.m.23 views

CVE-2021-32683

wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab right click - open in new tab, or copy the URL and paste it in the URL bar, ...

8.8CVSS0.00826EPSS
Exploits1References2
Prion
Prion
added 2021/06/15 8:15 p.m.22 views

Cross site scripting

wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab right click - open in new tab, or copy the URL and paste it in the URL bar, ...

4.3CVSS6AI score0.00826EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/06/15 7:11 p.m.64 views

CVE-2021-32683

Affected software: wire-webapp (web version of Wire). Vulnerability: cross-site scripting (CVE-2021-32683) present in versions prior to 2021-06-01-production.0 due to image handling (createObjectURL) that can execute malicious code on app.wire.com when an image is opened in a new tab or URL paste...

8.8CVSS6.4AI score0.00826EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/06/15 7:11 p.m.26 views

CVE-2021-32683 XSS through createObjectURL

wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab right click - open in new tab, or copy the URL and paste it in the URL bar, ...

8.8CVSS8.3AI score0.00826EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/06/15 12:0 a.m.7 views

Wire 跨站脚本漏洞

Wire is a chat software by an individual developer. The program supports Web, WindowsiOS, Android, and OS X platforms, has a group feature, allows voice calls, sends photos, and its original way of saying hello, PING. A cross-site scripting vulnerability exists in wire-webapp, which can be...

8.8CVSS5.2AI score0.00826EPSS
Exploits1References2
NVD
NVD
added 2021/04/02 3:15 p.m.22 views

CVE-2021-21400

wire-webapp is an open-source front end for Wire, a secure collaboration platform. In wire-webapp before version 2021-03-15-production.0, when being prompted to enter the app-lock passphrase, the typed passphrase will be sent into the most recently used chat when the user does not actively give...

7.1CVSS0.01118EPSS
Exploits0References4
Rows per page
Query Builder