CVE-2024-26495

2024-04-0303:15:09

[email protected]

web.nvd.nist.gov

cve-2024-26495

cross site scripting

remote attacker

arbitrary code

sensitive information

bbcode tags

post content

post comments function

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.

References

github.com/friendica/friendica/issues/13884