CVE-2024-39094

Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.
Configurations

Configuration 1 (hide)

cpe:2.3:a:friendica:friendica:2024.03:*:*:*:*:*:*:*

History

21 Aug 2024, 13:31

Type Values Removed Values Added
Summary
  • (es) Friendica 2024.03 es vulnerable a Cross Site Scripting (XSS) en la configuración/perfil a través de la página de inicio, xmpp y los parámetros de matriz.
First Time Friendica
Friendica friendica
CWE CWE-79
CPE cpe:2.3:a:friendica:friendica:2024.03:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
References () https://friendi.ca/2024/08/17/friendica-2024-08-released/ - () https://friendi.ca/2024/08/17/friendica-2024-08-released/ - Release Notes
References () https://github.com/friendica/friendica/issues/14220 - () https://github.com/friendica/friendica/issues/14220 - Exploit, Issue Tracking
References () https://github.com/friendica/friendica/releases/tag/2024.08 - () https://github.com/friendica/friendica/releases/tag/2024.08 - Release Notes

20 Aug 2024, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-20 14:15

Updated : 2024-08-21 13:31


NVD link : CVE-2024-39094

Mitre link : CVE-2024-39094

CVE.ORG link : CVE-2024-39094


JSON object : View

Products Affected

friendica

  • friendica
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')