Friendica: >> Friendica Security Vulnerabilities
Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-08-20
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-15
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-15
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.
CVSS Score
9.8
EPSS Score
0.014
Published
2024-08-15
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-15
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-04-03
Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-04-05