Friendica

friendica

Vendor: Friendica • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-39094 1Friendica 1Friendica Mar 13, 2025 Aug 20, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.
CVE-2024-27731 1Friendica 1Friendica Jun 4, 2025 Aug 15, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.
CVE-2024-27730 1Friendica 1Friendica Jun 4, 2025 Aug 15, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.
CVE-2024-27729 1Friendica 1Friendica Sep 11, 2024 Aug 15, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.
CVE-2024-27728 1Friendica 1Friendica Jun 4, 2025 Aug 15, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature.
CVE-2024-26495 1Friendica 1Friendica Apr 7, 2025 Apr 3, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comment...Show more Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.Show less
CVE-2021-30141 1Friendica 1Friendica Nov 21, 2024 Apr 5, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memor...Show more Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users.Show less