QwikSec

Security Database

CVE

CWE

Training

CVE-2019-18426

Published: Jan 21, 2020

Modified: Oct 21, 2025

PUBLISHED

Description

A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.

Vendor	Product	Versions
Facebook	WhatsApp Desktop	affected `0.3.9309` affected `unspecified - < 0.3.9309`

Weaknesses (CWE)

References

https://www.facebook.com/security/advisories/cve-2019-18426

x_refsource_CONFIRM

http://packetstormsecurity.com/files/157097/WhatsApp-Desktop-0.3.9308-Cross-Site-Scripting.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.