Vulnerability Description
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| < 0.3.9309 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-SiteExploitThird Party AdvisoryVDB Entry
- https://www.facebook.com/security/advisories/cve-2019-18426Vendor Advisory
- http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-SiteExploitThird Party AdvisoryVDB Entry
- https://www.facebook.com/security/advisories/cve-2019-18426Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-US Government Resource
FAQ
What is CVE-2019-18426?
CVE-2019-18426 is a vulnerability with a CVSS score of 8.2 (HIGH). A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnera...
How severe is CVE-2019-18426?
CVE-2019-18426 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-18426?
Check the references section above for vendor advisories and patch information. Affected products include: Whatsapp Whatsapp.