VYPR

Signal-Desktop

by Open Whisper

CVEs (2)

  • CVE-2018-11101MedMay 17, 2018
    risk 0.40cvss 6.1epss 0.01

    Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML…

  • CVE-2018-14023MedAug 20, 2018
    risk 0.19cvss 4.0epss 0.00

    Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.