CVE-2018-10994

CVE-2018-10994

js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.