Back to KEVs

CVE-2019-18426

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site...

Basic Information

CVE State
PUBLISHED
Reserved Date
October 25, 2019
Published Date
January 21, 2020
Last Updated
February 07, 2025
Vendor
Facebook
Product
WhatsApp Desktop
Description
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
Tags
cisa

CVSS Scores

CVSS v3.1

8.2 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

CVSS v2.0

5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

SSVC Information

Exploitation
active
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2022-05-23 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2020-02-29 21:36:46 UTC) Source

References

https://www.facebook.com/security/advisories/cve-2019-18426 http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-05-23 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

PerimeterX/CVE-2019-18426

Type: github • Created: 2020-02-29 21:36:46 UTC • Stars: 10

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel