A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://www.facebook.com/security/advisories/cve-2019-18426 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: facebook
Published: 2020-01-21T20:30:15
Updated: 2020-04-06T20:06:48
Reserved: 2019-10-25T00:00:00
Link: CVE-2019-18426
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-21T21:15:16.147
Modified: 2023-01-31T20:06:44.333
Link: CVE-2019-18426
JSON object: View
Redhat Information
No data.
CWE