CVE-2019-18654
Summary
| CVE | CVE-2019-18654 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-11-01 19:15:00 UTC |
| Updated | 2023-11-07 03:06:00 UTC |
| Description | A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Avg | Anti-virus | 19.3.3084 | All | All | All |
| Application | Avg | Anti-virus | 19.3.3084 | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!) – Just Another Simple Write-Up | MISC | firstsight.me | Exploit, Third Party Advisory |
| 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!) | by YoKo Kho | InfoSec Write-ups | Medium | MISC | medium.com | Exploit, Third Party Advisory |
| 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!) | by YoKo Kho | InfoSec Write-ups | Medium | medium.com | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.