From medium.com
CVE-2019–18653 & CVE-2019–18654: The story when Reflected XSS was triggering from SSID Name (It also affected AVG AntiVirus since basically the code of the those products was mostly “merged”).
5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!)