CVE-2019-18426 – WhatsApp Cross-Site Scripting Vulnerability

https://notcve.org/view.php?id=CVE-2019-18426

21 Jan 2020 — A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message. Una vulnerabilidad en WhatsApp Desktop versiones anteriores a 0.3.9309, cuando se combina con WhatsApp para iPhone versiones anteriores a 2.20.10, permite ataques de tipo cross-site scripting y la lectura de archivos local... • https://packetstorm.news/files/id/157097 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •