What is CVE-2021-32683?

CVE-2021-32683 is a high-severity vulnerability in Wireapp Wire-webapp, classified under Cross-site Scripting. CVSS score: 8.8/10. Published 2021-06-15.

How severe is CVE-2021-32683?

High severity. CVSS v3 base score is 8.8 out of 10.

XSS in Wireapp Wire-webapp

CVE-2021-32683

wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click -> op…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (57.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Wireapp Wire-webapp — versions < 2021-06-01-production.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

github.com/wireapp/wire-webapp/security/advisories/GHSA-382j-mmc8-m5rw (x_refsource_CONFIRM)
github.com/wireapp/wire-webapp/commit/056e39d327bb10c1b0958dfbea0c39752692a1b0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-32683?: CVE-2021-32683 is a high-severity vulnerability in Wireapp Wire-webapp, classified under Cross-site Scripting. CVSS score: 8.8/10. Published 2021-06-15.
How severe is CVE-2021-32683?: High severity. CVSS v3 base score is 8.8 out of 10.