{"api_version":"1","generated_at":"2026-04-23T05:57:40+00:00","cve":"CVE-2019-18654","urls":{"html":"https://cve.report/CVE-2019-18654","api":"https://cve.report/api/cve/CVE-2019-18654.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-18654","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-18654"},"summary":{"title":"CVE-2019-18654","description":"A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-11-01 19:15:00","updated_at":"2023-11-07 03:06:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop/","name":"http://firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop/","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!) – Just Another Simple Write-Up","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://medium.com/@YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968","name":"https://medium.com/@YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!) | by YoKo Kho | InfoSec Write-ups | Medium","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://medium.com/%40YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968","name":"https://medium.com/%40YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968","refsource":"","tags":[],"title":"5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!) | by YoKo Kho | InfoSec Write-ups | Medium","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-18654","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18654","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"18654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avg","cpe5":"anti-virus","cpe6":"19.3.3084","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"internet_security","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"18654","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"avg","cpe5":"anti-virus","cpe6":"19.3.3084","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"internet_security","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"18654","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"18654","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-18654","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://medium.com/@YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968","refsource":"MISC","name":"https://medium.com/@YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968"},{"url":"http://firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop/","refsource":"MISC","name":"http://firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop/"}]}},"nvd":{"publishedDate":"2019-11-01 19:15:00","lastModifiedDate":"2023-11-07 03:06:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:avg:anti-virus:19.3.3084:*:*:*:internet_security:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"18654","Ordinal":"159130","Title":"CVE-2019-18654","CVE":"CVE-2019-18654","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"18654","Ordinal":"1","NoteData":"A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"18654","Ordinal":"2","NoteData":"2019-11-01","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"18654","Ordinal":"3","NoteData":"2019-11-01","Type":"Other","Title":"Modified"}]}}}