Vulnerabilities (CVE)

Filtered by vendor Friendica
Total 3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-27729 | 1 Friendica | 1 Friendica | 2024-09-11 | N/A | 6.1 MEDIUM | Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. |
| CVE-2024-39094 | 1 Friendica | 1 Friendica | 2024-08-21 | N/A | 5.4 MEDIUM | Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. |
| CVE-2021-30141 | 1 Friendica | 1 Friendica | 2024-08-03 | 5.0 MEDIUM | 7.5 HIGH | ** DISPUTED ** Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users." |