AVG AntiVirus (Internet Security Edition) 19.3.3084 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability

Summary

AVG AntiVirus (Internet Security Edition) 19.3.3084 suffers from improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Credit:

The information has been provided by Vendor

The original article can be found at:http://www.firstsight.me/2019/10/5000-usd-xss-issue-at-avast-desktop-antivirus-for-windows-yes-desktop/

 


Details

A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.

 

Vulnerable Systems:

AVG AntiVirus (Internet Security Edition) 19.3.3084

 

CVE Information:

CVE-2019-18654

 

Disclosure Timeline:
Published Date: 11/01/2019