CVE-2019-18653 β€” Cross-site Scripting in Antivirus

CWE-79 β€” Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 47.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Avast Antivirus
Timeline
PublishedNov 1
Latest updateMay 24

Description

A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

β–ΆNVDavast/antivirus19.3.2369

πŸ”΄Vulnerability Details

2
GHSA
GHSA-c7cg-5x5v-hrhj: A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19β†—2022-05-24
β–Ά
CVEList
CVE-2019-18653: A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19β†—2019-11-01
β–Ά
CVE-2019-18653 β€” Cross-site Scripting in Avast | cvebase