Friendica: >> Friendica >> 2023.12 Security Vulnerabilities
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-15
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-15
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.
CVSS Score
9.8
EPSS Score
0.014
Published
2024-08-15
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-08-15
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-04-03