KEVIntel
Back to KEVs
8.2
CVSS
High

CVE-2019-18426

PUBLISHED

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site...

Exploited in the wild Remote Low complexity
Vendor
Facebook
Product
WhatsApp Desktop
Published
Jan 21, 2020
EPSS

Description

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.

cisa

CVSS scores

CVSS v3.1 8.2 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

CVSS v2.0 5.8

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitation status

Exploited in the wild

Recorded 2022-05-23 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
No
Technical impact
partial

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA May 23, 2022

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

PerimeterX/CVE-2019-18426

github · Created 2020-02-29 21:36:46 UTC · 10 stars

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel