Описание
Wrongthink is an encrypted peer-to-peer chat program. A user could check their fingerprint into the service and enter a script to run arbitrary JavaScript on the site. No workarounds exist, but a patch exists in version 2.4.1.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.4.1 (исключая)
cpe:2.3:a:wrongthink_project:wrongthink:*:*:*:*:*:*:*:*
EPSS
Процентиль: 39%
0.00178
Низкий
6.1 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-80
CWE-79
EPSS
Процентиль: 39%
0.00178
Низкий
6.1 Medium
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-80
CWE-79