Medium severity6.1OSV Advisory· Published May 14, 2018· Updated Jun 17, 2026
CVE-2018-10994
CVE-2018-10994
Description
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2c53, v0.1.11, v0.1.12, …+ 1 more
- (no CPE)range: c53, v0.1.11, v0.1.12, …
- (no CPE)range: <1.10.1
Patches
Vulnerability mechanics
References
5- github.com/signalapp/Signal-Desktop/commit/bfbd84f5d1308cdfcb08a1727821f7103be151eanvdPatchThird Party Advisory
- twitter.com/bcrypt/status/995057030304952320nvdExploitThird Party Advisory
- twitter.com/ortegaalfredo/status/995940738839056384nvdExploitThird Party Advisory
- github.com/signalapp/Signal-Desktop/releases/tag/v1.10.1nvdRelease NotesThird Party Advisory
- twitter.com/lorenzoFB/status/995048605399633926nvdThird Party Advisory
News mentions
0No linked articles in our index yet.