Gal Weizman

5 exploits Active since Jan 2020
CVE-2020-6519 NOMISEC MEDIUM WORKING POC
Google Chrome <84.0.4147.89 - Auth Bypass
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
26 stars
CVSS 6.5
CVE-2019-18426 NOMISEC HIGH WRITEUP
WhatsApp Desktop < 0.3.9309 and WhatsApp for iPhone < 2.20.10 - Cross-Site Scripting via Link Preview
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
11 stars
CVSS 8.2
CVE-2019-18426 INTHEWILD HIGH WRITEUP
WhatsApp Desktop < 0.3.9309 and WhatsApp for iPhone < 2.20.10 - Cross-Site Scripting via Link Preview
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
CVSS 8.2
CVE-2019-18426 EXPLOITDB HIGH text WORKING POC
WhatsApp Desktop < 0.3.9309 and WhatsApp for iPhone < 2.20.10 - Cross-Site Scripting via Link Preview
A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.
CVSS 8.2
CVE-2020-6519 EXPLOITDB MEDIUM javascript WORKING POC
Google Chrome <84.0.4147.89 - Auth Bypass
Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVSS 6.5