CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-18426

Known Exploited (CISA KEV)HIGH
8.2
CVSS Severity Score
EPSS Score32.8510%
EPSS Percentile96.48th
Published2020年1月21日
Last Modified2025年10月24日

Vulnerability Description

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.

Affected Platforms (CPE)

📦
Whatsapp

Whatsapp

< 0.3.9309
📦
Whatsapp

Whatsapp

< 2.20.10

References & Advisories

🔗 http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html
🔗 https://www.facebook.com/security/advisories/cve-2019-18426
🔗 http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html
🔗 https://www.facebook.com/security/advisories/cve-2019-18426
🔗 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-18426

相关漏洞威胁

CVE-2020-188910.0

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron ...

CVE-2018-63399.8

When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed ...

CVE-2018-63499.8

When receiving calls using WhatsApp for Android, a missing size check when parsing a sender-provided packet allowed for a stack-ba...

CVE-2018-206559.8

When receiving calls using WhatsApp for iOS, a missing size check when parsing a sender-provided packet allowed for a stack-based ...