CVE-2019-18654Cross-site Scripting in Anti-virus

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 47.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
AVG Anti-virus
Timeline
PublishedNov 1
Latest updateMay 24

Description

A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDavg/anti-virus19.3.3084

🔴Vulnerability Details

2
GHSA
GHSA-76pv-ppcw-h42p: A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 192022-05-24
CVEList
CVE-2019-18654: A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 192019-11-01
CVE-2019-18654 — Cross-site Scripting in AVG Anti-virus | cvebase