Filtered by vendor Friendica Subscriptions
Filtered by product Friendica Subscriptions
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-26495 1 Friendica 1 Friendica 2024-11-21 N/A
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.
CVE-2024-25864 1 Friendica 1 Friendica 2024-11-21 9.1 Critical
Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component.
CVE-2021-30141 1 Friendica 1 Friendica 2024-11-21 7.5 High
Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users.
CVE-2024-27729 1 Friendica 1 Friendica 2024-09-11 7.4 High
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.
CVE-2024-39094 1 Friendica 1 Friendica 2024-08-21 5.4 Medium
Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.
CVE-2024-27728 1 Friendica 1 Friendica 2024-08-20 6.1 Medium
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature.
CVE-2024-27730 1 Friendica 1 Friendica 2024-08-19 9.8 Critical
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.
CVE-2024-27731 1 Friendica 1 Friendica 2024-08-19 6.1 Medium
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.