CVE-2019-18653 Information
Feb 14, 2021
cve
Description
A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free Internet Security and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup allowing an attacker to execute JavaScript code via an SSID Name.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
http://firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop/ https://medium.com/@YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: