Wire wire-webapp 2022-03-30 Production0
Approved changes feed: RSS · Atom
cpe:2.3:a:wire:wire-webapp:2022-03-30:production0:*:*:*:*:*:*
part: a version: 2022-03-30 update: production0
| Vendor | Wire (b242ea1e-cceb-5996-8a95-4e04b0582e80) |
|---|---|
| Product | Wire Webapp (68c00953-b3f7-5c62-adbb-dfc7f33e975d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/wireapp/wire-webapp |
purl2cpe | 2026-06-01 10:13:02.512063 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-29168 |
vulnerable | 2026-06-08 05:42:47.255959 |
Cross Site Scripting in Wire Messages
CRITICAL (9.6)
Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim allowing the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-05-04-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-05-04-production.0-v0.29.7-0-a6f2ded or wire-server 2022-05-04 (chart/4.11.0) or later. No known workarounds exist.
Published: 2022-06-25T07:05:09.000Z
Updated: 2025-04-23T18:08:54.718Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.