Filtered by vendor Friendica
Subscriptions
Filtered by product Friendica
Subscriptions
Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-26495 | 1 Friendica | 1 Friendica | 2024-11-21 | N/A |
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function. | ||||
CVE-2024-25864 | 1 Friendica | 1 Friendica | 2024-11-21 | 9.1 Critical |
Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component. | ||||
CVE-2021-30141 | 1 Friendica | 1 Friendica | 2024-11-21 | 7.5 High |
Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users. | ||||
CVE-2024-27729 | 1 Friendica | 1 Friendica | 2024-09-11 | 7.4 High |
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. | ||||
CVE-2024-39094 | 1 Friendica | 1 Friendica | 2024-08-21 | 5.4 Medium |
Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. | ||||
CVE-2024-27728 | 1 Friendica | 1 Friendica | 2024-08-20 | 6.1 Medium |
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. | ||||
CVE-2024-27730 | 1 Friendica | 1 Friendica | 2024-08-19 | 9.8 Critical |
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature. | ||||
CVE-2024-27731 | 1 Friendica | 1 Friendica | 2024-08-19 | 6.1 Medium |
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. |
Page 1 of 1.