CVE-2024-26495

2024-04-0300:00:00

mitre

www.cve.org

xss

vulnerability

friendica

remote code execution

bbcode

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.

References

github.com/friendica/friendica/issues/13884