CVE-2019-18654: XSS
First published: Fri Nov 01 2019(Updated: )
A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AVG Anti-Virus | =19.3.3084 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop/
- https://medium.com/@YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968
- https://medium.com/%40YoKoKho/5-000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop-1e99375f0968
Frequently Asked Questions
What is CVE-2019-18654?
CVE-2019-18654 is a Cross Site Scripting (XSS) issue in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440.
How does CVE-2019-18654 affect AVG AntiVirus?
CVE-2019-18654 allows an attacker to execute JavaScript code via an SSID Name in the Network Notification Popup.
What is the severity of CVE-2019-18654?
CVE-2019-18654 has a severity rating of 6.1 (Medium).
How can I fix CVE-2019-18654?
To fix CVE-2019-18654, update AVG AntiVirus (Internet Security Edition) to version 19.3.4241.440 or later.
Is Microsoft Windows vulnerable to CVE-2019-18654?
No, Microsoft Windows is not vulnerable to CVE-2019-18654.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/avg
- canonical/avg anti-virus
- version/avg anti-virus/19.3.3084
- vendor/microsoft
- canonical/microsoft windows