Allele Security Alert
Cross-Site Scripting (XSS) through a specially crafted live location message
WhatsApp Desktop versions before v0.3.4932
WhatsApp Desktop version v0.3.4932
Proof of concept
An input validation issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed Cross-Site Scripting (XSS) upon clicking on a link from a specially crafted live location message.
WhatsApp Security Advisories
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: September 9, 2020