Signal-desktop Security Vulnerabilities and Issues — Signal-desktop CVE List

Lucene search

SignalSignal-desktop

3 matches found

CVE•added 2018/05/14 11:29 p.m.•46 views

CVE-2018-10994

js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.

6.1CVSS5.8AI score0.00323EPSS

CVE•added 2019/03/24 2:29 a.m.•39 views

CVE-2019-9970

Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Lat...

6.5CVSS6.3AI score0.00423EPSS

CVE•added 2018/05/17 7:29 p.m.•32 views

CVE-2018-11101

Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a ...

6.1CVSS6AI score0.00428EPSS