CVE-2018-10994: XSS
First published: Mon May 14 2018(Updated: )
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Signal Signal-desktop | <1.10.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151ea
- https://github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1
- https://twitter.com/bcrypt/status/995057030304952320
- https://twitter.com/lorenzoFB/status/995048605399633926
- https://twitter.com/ortegaalfredo/status/995940738839056384
Frequently Asked Questions
What is the severity of CVE-2018-10994?
The severity of CVE-2018-10994 is medium.
How does CVE-2018-10994 affect Open Whisper Signal?
CVE-2018-10994 affects Open Whisper Signal (aka Signal-Desktop) before version 1.10.1.
What is the vulnerability description of CVE-2018-10994?
CVE-2018-10994 allows cross-site scripting (XSS) attacks via a URL in js/views/message_view.js.
What is the Common Weakness Enumeration (CWE) ID for CVE-2018-10994?
The CWE ID for CVE-2018-10994 is 79.
How do I fix CVE-2018-10994 in Open Whisper Signal?
To fix CVE-2018-10994, update Open Whisper Signal to version 1.10.1 or higher.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/type
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/signal
- canonical/signal signal-desktop