| Vulnerability Name: | CVE-2019-18654 (CCN-170910) | ||||||||||||
| Assigned: | 2019-10-29 | ||||||||||||
| Published: | 2019-10-29 | ||||||||||||
| Updated: | 2019-11-04 | ||||||||||||
| Summary: | A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | ||||||||||||
| CVSS v3 Severity: | 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) 5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:U/RC:R)
5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:U/RC:R)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-79 | ||||||||||||
| Vulnerability Consequences: | Cross-Site Scripting | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-18654 Source: MISC Type: Exploit, Third Party Advisory http://firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop/ Source: XF Type: UNKNOWN avg-antivirus-cve201918654-xss(170910) Source: MISC Type: Exploit, Third Party Advisory https://medium.com/@YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968 Source: CCN Type: Medium Web site 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!) | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||