CVE-2019-18426

Published: 21/01/2020 Updated: 31/01/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.2 | Impact Score: 4.7 | Exploitability Score: 2.8
VMScore: 518
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

A vulnerability in WhatsApp Desktop versions before 0.3.9309 when paired with WhatsApp for iPhone versions before 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.

Vulnerable Product

whatsapp whatsapp

whatsapp whatsapp for desktop

Exploits

WhatsApp Desktop version 0.3.9308 suffers from a persistent cross-site scripting vulnerability ...

Github Repositories

Collection of Facebook Bug Bounty Writeups

Meta(Facebook) BugBounty-Writeups Inspired from xdavidhu & 1hack0 this is a repo which contains Facebooks Updated BugBounty Writeups Contributing: If you have/know of any Facebook writeups not listed in this repository, feel free to open a Pull Request Please try to sort the writeups by publication date The template to follow when adding new writeups: - **[MONTH DAY

WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE CVE-2019-18426 Technical Article Original Vulnerabilities Disclosures Documents DEMO Vids!

Gal Weizman Web Security Researcher Browser Javascript Expert Projects ⚙️ Creator of LavaMoat browser js security tools: Snow ❄️ Across ↔ Vulnerabilities 😈 WhatsApp Critical vulnerabilities CVE-2019-18426 Chromium Medium vulnerability CVE-2020-6519 Advanced Anti Debugging Techniques 🚫 Official Awesome Javascript Anti Debugging Repo (ba

This was originally published on PerimeterX company's official Github through my work Github account. Even though this is my work - all rights and legal concerns belong to PerimeterX company WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE CVE-2019-18426 Exploit DB Technical Article Original Vuln

Recent Articles

Terrifying bug in WhatsApp allows hackers to steal files. So get patching all nine of you using it on the desktop
The Register • Shaun Nichols in San Francisco • 05 Feb 2020

Dear Facebook, please keep up with Electron and Chromium fixes, ta

A vulnerability in WhatsApp could be exploited to remotely access a victim's files on their computer – if they use the desktop client paired with the iPhone app. A patch has been issued and should be installed. Bug-hunter Gal Weizman, from security shop PerimeterX, discovered and reported CVE-2019-18426, a cross-site scripting hole that could potentially allow an attacker to get to the local file system of another user simply by sending a specially crafted message. The security bug was fixed i...