CVE-2022-24799

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-24799
wire-webapp is the web application interface for the wire messaging service. Insufficient escaping in markdown “code highlighting” in the wire-webapp resulted in the possibility of injecting and executing arbitrary HTML code and thus also JavaScript. If a user receives and views such a malicious message, arbitrary code is injected and executed in the context of the victim. This allows the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-03-30-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-03-30-production.0-v0.29.2-0-d144552 or wire-server 2022-03-30 (chart/4.8.0), so that their applications are no longer affected. There are no known workarounds for this issue. ### Patches * The issue has been fixed in wire-webapp **2022-03-30-production.0** and is already deployed on all Wire managed services. * On-premise instances of wire-webapp need to be updated to docker tag **2022-03-30-production.0-v0.29.2-0-d144552** or wire-server **2022-03-30 (chart/4.8.0)**, so that their applications are no longer affected. ### Workarounds * No workarounds known ### For more information If you have any questions or comments about this advisory feel free to email us at [vulnerability-report@wire.com](mailto:vulnerability-report@wire.com) ### Credits We thank [Posix](https://twitter.com/po6ix) for reporting this vulnerability

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://github.com/wireapp/wire-webapp/commit/d14455252a949dc83f36d45e2babbdd9328af2a4 Patch Third Party Advisory
https://github.com/wireapp/wire-webapp/releases/tag/2022-03-30-production.0 Third Party Advisory
https://github.com/wireapp/wire-webapp/security/advisories/GHSA-5568-rfh8-vmhq Third Party Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:wire:wire-webapp:2016-07-29-17-00:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-08-04-15-44:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-08-23-09-31:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-08-24-10-10:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-08-29-14-54:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-09-08-15-38:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-09-19-14-01:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-09-28-14-58:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-10-11-15-34:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-10-18-08-10:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-10-25-08-17:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-10-26-18-58:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-11-03-16-09:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-11-08-15-06:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-12-01-12-57:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2016-12-13-15-12:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-01-23-12-12:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-02-01-14-49:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-02-17-10-10:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-02-24-13-06:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-03-08-17-32:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-03-14-15-05:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-03-21-11-00:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-03-27-17-10:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-03-28-14-23:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-04-05-16-58:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-04-07-09-42:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-04-19-12-31:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-04-20-15-54:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-05-03-10-29:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-05-19-16-10:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-05-26-08-16:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-05-26-12-03:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-06-01-10-02:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-06-07-15-03:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-06-07-18-05:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-06-22-12-18:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-06-28-15-13:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-07-06-12-44:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-07-06-15-48:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-07-18-12-50:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-08-03-15-19:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-08-04-09-04:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-08-04-15-01:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-08-08-15-09:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-08-24-10-57:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-08-31-14-21:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-09-26-07-18:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-09-26-13-00:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-10-09-08-42:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-10-19-10-45:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-10-25-07-08:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-11-07-08-50:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-11-10-10-41:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-12-04-10-23:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-12-04-13-34:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-12-07-11-13:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2017-12-20-12-48:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-01-24-18-11:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-02-01-10-26:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-02-16-07-54:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-03-12-11-41:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-04-06-07-28:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-04-06-09-44:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-04-09-10-16:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-04-12-06-45:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-04-12-11-12:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-04-12-13-37:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-04-24-14-58:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-05-04-07-18:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-05-24-15-49:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-06-19-08-04:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-07-03-08-25:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-07-16-08-55:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-07-16-14-05:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-07-26-08-54:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-08-06-08-03:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-08-22-07-38:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-08-31-06-54:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-09-07-14-18:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-09-28-11-46:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-10-02-08-03:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-10-15-08-14:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-10-23-12-05:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-11-05-11-21:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-11-15-13-14:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-11-30-11-03:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-12-03-11-26:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2018-12-04-14-24:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-01-02-13-10:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-01-08-13-20:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-01-17-15-08:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-02-11:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-02-11:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-02-11:staging2:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-02-13:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-02-18:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-02-18-11-26:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-02-27:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-02-28:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-02-28:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-02-28-15-10:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-02-28-15-11:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-05:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-07:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-11:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-13:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-13:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-14-11-05:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-18-12-58:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-20:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-25:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-25:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-28:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-28:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-03-29-09-38:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-04-08:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-04-10-10-55:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-04-11:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-04-18:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-04-23:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-04-23-10-51:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-04-25:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-04-29:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-05-09-09-36:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-05-14:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-05-15:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-05-16:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-05-16-09-26:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-05-31:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-05-31-08-18:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-06-04:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-06-06-12-31:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-06-20:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-06-24:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-06-25:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-06-26:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-07-01:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-07-02-12-29:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-07-11-13-18:*:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-07-30:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-08-01:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-08-14:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-08-19:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-08-21:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-08-22:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-08-22:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-08-27:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-09-02:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-09-05:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-09-09:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-09-12:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-09-13:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-09-17:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-09-18:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-09-23:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-09-24:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-07:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-07:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-08:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-10:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-10:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-14:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-16:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-16:production1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-16:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-16:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-21:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-25:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-29:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-10-31:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-11-01:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-11-08:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-11-12:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-11-19:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-11-21:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-11-21:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-11-25:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-11-26:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-12-12:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2019-12-20:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-01-06:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-01-09:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-01-13:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-01-15:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-01-16:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-01-17:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-01-21:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-01-22:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-02-06:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-02-11:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-02-11:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-02-14:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-02-18:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-02-20:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-02-24:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-02-26:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-02-28:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-03-03:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-03-03:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-03-06:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-03-12:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-03-18:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-03-20:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-03-23:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-03-30:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-04-01:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-04-07:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-04-09:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-04-16:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-04-21:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-04-22:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-04-23:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-04-28:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-04-29:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-04:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-06:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-07:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-07:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-13:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-14:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-15:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-18:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-19:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-20:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-22:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-26:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-27:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-28:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-05-29:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-06-02:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-06-05:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-06-08:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-06-10:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-06-12:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-06-15:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-06-15:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-06-19:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-06-24:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-06-29:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-07-07:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-07-07:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-07-13:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-07-16:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-07-24:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-07-24:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-07-24:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-08-06:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-08-12:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-08-12:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-08-14:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-08-18:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-08-19:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-08-21:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-08-25:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-08-26:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-09-02:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-09-03:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-09-04:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-09-08:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-09-11:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-09-17:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-09-18:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-09-21:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-09-28:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-09-29:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-01:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-06:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-07:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-07:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-08:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-14:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-15:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-21:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-21:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-26:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-27:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-10-28:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-11-09:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-11-30:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-11-30:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-12-10:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2020-12-14:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-01-18:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-01-18:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-01-27:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-02-02:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-02-03:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-02-04:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-02-15:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-02-17:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-02-18:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-02-22:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-02-26:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-03-04:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-03-05:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-03-10:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-03-15:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-03-18:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-03-24:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-03-25:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-04-01:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-04-06:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-04-15:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-04-26:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-04-28:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-05-06:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-05-10:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-05-27:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-06-01:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-06-17:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-07-09:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-07-26:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-07-27:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-08-03:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-08-04:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-08-09:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-08-17:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-08-25:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-08-25:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-08-27:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-08-30:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-08-30:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-03:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-06:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-06:staging1:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-06:staging2:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-06:staging3:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-08:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-09:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-10:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-13:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-13:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-20:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-22:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-27:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-29:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-09-30:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-10-02:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-10-04:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-10-13:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-10-20:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-10-27:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-11-01:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-11-25:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-12-01:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-12-01:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2021-12-02:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-01-18:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-01-19:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-01-20:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-01-27:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-02-02:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-02-03:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-02-07:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-02-08:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-02-15:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-02-17:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-02-22:production0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-03-23:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-03-28:staging0:*:*:*:*:*:*
cpe:2.3:a:wire:wire-webapp:2022-03-29:staging0:*:*:*:*:*:*
Information

Published : 2022-04-20 11:15

Updated : 2022-05-03 09:56

NVD link : CVE-2022-24799

Mitre link : CVE-2022-24799

JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa
Products Affected

wire

  • wire-webapp