A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
References
Link | Resource |
---|---|
https://www.facebook.com/security/advisories/cve-2019-18426 | Vendor Advisory |
http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2020-01-21 13:15
Updated : 2023-01-31 12:06
NVD link : CVE-2019-18426
Mitre link : CVE-2019-18426
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
- whatsapp_for_desktop