An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NWhatsapp Desktop
APPWhatsapp< 0.3.4932
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
Related vulnerabilities
CVE-2020-1889CRITICAL10.0ten sam produkt
A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox...
CVE-2019-3568CRITICAL9.8⚠ KEVten sam vendor
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted ser...
CVE-2022-36934CRITICAL9.8ten sam vendor
An integer overflow in WhatsApp could result in remote code execution in an established video call.
CVE-2021-24043CRITICAL9.1ten sam vendor
A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business fo...
CVE-2021-24042CRITICAL9.8ten sam vendor
The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23,...