Back to KEVs

CVE-2019-18426

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site...

Basic Information

CVE State
PUBLISHED
Reserved Date
October 25, 2019
Published Date
January 21, 2020
Last Updated
February 07, 2025
Vendor
Facebook
Product
WhatsApp Desktop
Description
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.

CVSS Scores

CVSS v3.1

8.2 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

SSVC Information

Exploitation
active
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2022-05-23 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2020-02-29 21:36:46 UTC) Source

References

https://www.facebook.com/security/advisories/cve-2019-18426 http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-05-23 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

PerimeterX/CVE-2019-18426

Type: github • Created: 2020-02-29 21:36:46 UTC • Stars: 10