What is CVE-2019-11928?

CVE-2019-11928 is a vulnerability in Facebook Whatsapp Desktop, classified under Cross-site Scripting. Published 2020-09-03.

Is CVE-2019-11928 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Facebook Whatsapp Desktop

CVE-2019-11928

An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed cross-site scripting upon clicking on a link from a specially crafted live location message.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (62.5th percentile) — read the EPSS interpretation.

Affected products

Facebook Whatsapp Desktop — versions 0.3.4932, unspecified

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

404notf0und/CVE-Flow

References

www.whatsapp.com/security/advisories/2020/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-11928?: CVE-2019-11928 is a vulnerability in Facebook Whatsapp Desktop, classified under Cross-site Scripting. Published 2020-09-03.
Is CVE-2019-11928 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.