Scott Nonnenberg

2 exploits Active since May 2018
CVE-2018-10994 WRITEUP MEDIUM WRITEUP
Signal-Desktop < 1.10.1 - Cross-Site Scripting via URL
js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
CVSS 6.1
CVE-2019-19954 WRITEUP HIGH WRITEUP
Signal Desktop < 1.29.1 - Uncontrolled Search Path Element via Trojan Horse wmic.exe
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
CVSS 7.3