CVE-2021-29467
MEDIUM
wrongthink < 2.4.1 - Stored Cross-Site Scripting via Fingerprint Check
Title source: llm
Description
Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patch exists in version 2.4.1.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/birb-digital/wrongthink/security/advisories/GHSA-529v-f2gf-62w9
Scores
CVSS v3: 6.1
EPSS: 0.0048
EPSS Percentile: 37.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Details
CWE: CWE-80, CWE-79
Status: published
Products (1): wrongthink_project/wrongthink < 2.4.1
Published: Apr 22, 2021
Tracked Since: Feb 18, 2026