Wire-webapp Security Vulnerabilities and Issues — Wire-webapp CVE List

WireWire-webapp

7 matches found

CVE•added 2022/04/20 5:55 p.m.•85 views

CVE-2022-24799

CVE-2022-24799 describes a cross-site scripting vulnerability in Wire Webapp caused by insufficient escaping of markdown code highlighting, allowing execution of arbitrary HTML/JavaScript in the victim’s browser. Affected: wire-webapp and connected Wire desktop clients. Impact per description: at...

9.6CVSS6.7AI score0.00925EPSS

CVE•added 2022/06/25 7:5 a.m.•77 views

CVE-2022-29168

CVE-2022-29168 describes an XSS in Wire via insufficient escaping when rendering @mentions in the wire-webapp. When a user views a malicious message, arbitrary HTML/JavaScript can be executed in the victim’s context, potentially taking over the user account. Wire-desktop clients connected to a vu...

9.6CVSS6.8AI score0.00777EPSS

CVE•added 2022/02/04 10:32 p.m.•58 views

CVE-2022-23605

CVE-2022-23605 affects Wire Webapp: expired ephemeral messages were not reliably removed from local chat history and, in affected versions prior to 2022-01-27-production.0, ephemeral messages/assets could be accessible via the local search function. Viewing a message in chat view triggers deletio...

4.4CVSS3.7AI score0.00303EPSS

CVE•added 2021/06/15 7:11 p.m.•56 views

CVE-2021-32683

Affected software: wire-webapp (web version of Wire). Vulnerability: cross-site scripting (CVE-2021-32683) present in versions prior to 2021-06-01-production.0 due to image handling (createObjectURL) that can execute malicious code on app.wire.com when an image is opened in a new tab or URL paste...

8.8CVSS6.4AI score0.00826EPSS

CVE•added 2025/05/22 5:20 p.m.•54 views

CVE-2025-48066

CVE-2025-48066 affects wire-webapp; a regression stopped the client from deleting local data on logout for both public and regular clients. Data could remain on the device, and in some cases encryption-at-rest cryptographic material could not be exported. The issue was fixed in wire-webapp versio...

6CVSS5.9AI score0.00087EPSS

CVE•added 2023/01/27 8:43 p.m.•53 views

CVE-2022-39380

CVE-2022-39380 affects the Wire web-app. Prior to 2022-11-02, certain Markdown formats can trigger an unhandled error during HTML rendering, causing DoS-like symptom where the affected chat history cannot be displayed. The issue is fixed in version 2022-11-02 and deployed on Wire managed services...

5.3CVSS5AI score0.00623EPSS

CVE•added 2021/04/02 2:50 p.m.•40 views

CVE-2021-21400

The CVE-2021-21400 issue affects wire-webapp (open-source front end for Wire) prior to 2021-03-15-production.0. The vulnerability arises because, when prompted for the app-lock passphrase, the input is sent to the most recently used chat if the input field does not have focus; input focus is enfo...

7.1CVSS6.5AI score0.01118EPSS