writeups.xyz / CVE-2019-18426 - WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE

Submitter : c2a

Date: 14 February 2020

Bounty : 12,500

Vulnerabilities :

• RCE
• Stored XSS
• CSP Bypass
• Arbitrary File Read
• Open Redirect
• Security Code Review

Programs :

• Meta / Facebook (WhatsApp)

Authors :

• Gal Weizman (@WeizmanGal)

Link :
https://weizman.github.io/2020/02/14/whatsapp-vuln/