Vulnerability Details CVE-2019-18426
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.589
EPSS Ranking 98.1%
CVSS Severity
CVSS v3 Score 8.2
CVSS v2 Score 5.8
Proposed Action
A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html
- https://www.facebook.com/security/advisories/cve-2019-18426
- http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html
- https://www.facebook.com/security/advisories/cve-2019-18426
Products affected by CVE-2019-18426
-
cpe:2.3:a:whatsapp:whatsapp:-
-
cpe:2.3:a:whatsapp:whatsapp:2.10.1
-
cpe:2.3:a:whatsapp:whatsapp:2.10.2
-
cpe:2.3:a:whatsapp:whatsapp:2.11.11
-
cpe:2.3:a:whatsapp:whatsapp:2.11.12
-
cpe:2.3:a:whatsapp:whatsapp:2.11.14
-
cpe:2.3:a:whatsapp:whatsapp:2.11.15
-
cpe:2.3:a:whatsapp:whatsapp:2.11.16
-
cpe:2.3:a:whatsapp:whatsapp:2.11.3
-
cpe:2.3:a:whatsapp:whatsapp:2.11.4
-
cpe:2.3:a:whatsapp:whatsapp:2.11.5
-
cpe:2.3:a:whatsapp:whatsapp:2.11.6
-
cpe:2.3:a:whatsapp:whatsapp:2.11.7
-
cpe:2.3:a:whatsapp:whatsapp:2.11.8
-
cpe:2.3:a:whatsapp:whatsapp:2.11.9
-
cpe:2.3:a:whatsapp:whatsapp:2.12.1
-
cpe:2.3:a:whatsapp:whatsapp:2.12.10
-
cpe:2.3:a:whatsapp:whatsapp:2.12.11
-
cpe:2.3:a:whatsapp:whatsapp:2.12.12
-
cpe:2.3:a:whatsapp:whatsapp:2.12.13
-
cpe:2.3:a:whatsapp:whatsapp:2.12.14
-
cpe:2.3:a:whatsapp:whatsapp:2.12.15
-
cpe:2.3:a:whatsapp:whatsapp:2.12.16
-
cpe:2.3:a:whatsapp:whatsapp:2.12.17
-
cpe:2.3:a:whatsapp:whatsapp:2.12.2
-
cpe:2.3:a:whatsapp:whatsapp:2.12.3
-
cpe:2.3:a:whatsapp:whatsapp:2.12.4
-
cpe:2.3:a:whatsapp:whatsapp:2.12.6
-
cpe:2.3:a:whatsapp:whatsapp:2.12.7
-
cpe:2.3:a:whatsapp:whatsapp:2.12.8
-
cpe:2.3:a:whatsapp:whatsapp:2.12.9
-
cpe:2.3:a:whatsapp:whatsapp:2.16.1
-
cpe:2.3:a:whatsapp:whatsapp:2.16.10
-
cpe:2.3:a:whatsapp:whatsapp:2.16.11
-
cpe:2.3:a:whatsapp:whatsapp:2.16.12
-
cpe:2.3:a:whatsapp:whatsapp:2.16.13
-
cpe:2.3:a:whatsapp:whatsapp:2.16.14
-
cpe:2.3:a:whatsapp:whatsapp:2.16.15
-
cpe:2.3:a:whatsapp:whatsapp:2.16.16
-
cpe:2.3:a:whatsapp:whatsapp:2.16.17
-
cpe:2.3:a:whatsapp:whatsapp:2.16.18
-
cpe:2.3:a:whatsapp:whatsapp:2.16.19
-
cpe:2.3:a:whatsapp:whatsapp:2.16.2
-
cpe:2.3:a:whatsapp:whatsapp:2.16.20
-
cpe:2.3:a:whatsapp:whatsapp:2.16.3
-
cpe:2.3:a:whatsapp:whatsapp:2.16.4
-
cpe:2.3:a:whatsapp:whatsapp:2.16.5
-
cpe:2.3:a:whatsapp:whatsapp:2.16.6
-
cpe:2.3:a:whatsapp:whatsapp:2.16.7
-
cpe:2.3:a:whatsapp:whatsapp:2.16.8
-
cpe:2.3:a:whatsapp:whatsapp:2.16.9
-
cpe:2.3:a:whatsapp:whatsapp:2.17.1
-
cpe:2.3:a:whatsapp:whatsapp:2.17.2
-
cpe:2.3:a:whatsapp:whatsapp:2.17.3
-
cpe:2.3:a:whatsapp:whatsapp:2.17.4
-
cpe:2.3:a:whatsapp:whatsapp:2.17.5
-
cpe:2.3:a:whatsapp:whatsapp:2.17.7
-
cpe:2.3:a:whatsapp:whatsapp:2.18.100.2
-
cpe:2.3:a:whatsapp:whatsapp:2.18.100.6
-
cpe:2.3:a:whatsapp:whatsapp:2.18.90.24
-
cpe:2.3:a:whatsapp:whatsapp:2.18.93
-
cpe:2.3:a:whatsapp:whatsapp:2.19.100
-
cpe:2.3:a:whatsapp:whatsapp:2.19.51
-
cpe:2.3:a:whatsapp:whatsapp:2.2.5
-
cpe:2.3:a:whatsapp:whatsapp:2.6.10
-
cpe:2.3:a:whatsapp:whatsapp:2.6.4
-
cpe:2.3:a:whatsapp:whatsapp:2.6.5
-
cpe:2.3:a:whatsapp:whatsapp:2.6.6
-
cpe:2.3:a:whatsapp:whatsapp:2.6.7
-
cpe:2.3:a:whatsapp:whatsapp:2.6.9
-
cpe:2.3:a:whatsapp:whatsapp:2.8.1
-
cpe:2.3:a:whatsapp:whatsapp:2.8.2
-
cpe:2.3:a:whatsapp:whatsapp:2.8.3
-
cpe:2.3:a:whatsapp:whatsapp:2.8.4
-
cpe:2.3:a:whatsapp:whatsapp:2.8.6
-
cpe:2.3:a:whatsapp:whatsapp:2.8.7
-
cpe:2.3:a:whatsapp:whatsapp_for_desktop:*