Filtered by vendor Friendica
Subscriptions
Filtered by product Friendica
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27729 | 1 Friendica | 1 Friendica | 2024-09-11 | 7.4 High |
| Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. | ||||
| CVE-2024-39094 | 1 Friendica | 1 Friendica | 2024-08-21 | 5.4 Medium |
| Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. | ||||
| CVE-2024-27728 | 1 Friendica | 1 Friendica | 2024-08-20 | 6.1 Medium |
| Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. | ||||
| CVE-2024-27730 | 1 Friendica | 1 Friendica | 2024-08-19 | 9.8 Critical |
| Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature. | ||||
| CVE-2024-27731 | 1 Friendica | 1 Friendica | 2024-08-19 | 6.1 Medium |
| Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. | ||||
| CVE-2021-30141 | 1 Friendica | 1 Friendica | 2024-08-03 | 7.5 High |
| Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users. | ||||
| CVE-2024-26495 | 1 Friendica | 1 Friendica | 2024-08-02 | N/A |
| Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function. | ||||
| CVE-2024-25864 | 1 Friendica | 1 Friendica | 2024-08-01 | 9.1 Critical |
| Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component. | ||||
Page 1 of 1.