Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30141 | 1 Friendica | 1 Friendica | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
** DISPUTED ** Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users." | |||||
CVE-2024-27729 | 1 Friendica | 1 Friendica | 2024-09-11 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. | |||||
CVE-2024-39094 | 1 Friendica | 1 Friendica | 2024-08-21 | N/A | 5.4 MEDIUM |
Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. |