70 matches found
CVE-2021-27329
Friendica 2021.01 allows SSRF via parseurl?binurl= for DNS lookups or HTTP requests to arbitrary domain names...
CVE-2024-39094
Friendica 2024.03 is vulnerable to Cross Site Scripting XSS in settings/profile via the homepage, xmpp, and matrix parameters...
EUVD-2021-14089
Malware in sbrugna...
EUVD-2024-23760
Malicious code in bioql PyPI...
EUVD-2024-37840
Malicious code in bioql PyPI...
EUVD-2024-23171
Malicious code in bioql PyPI...
CVE-2024-25864
Server Side Request Forgery SSRF vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component...
CVE-2024-26495
Cross Site Scripting XSS vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function...
CVE-2024-27730
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature...
CVE-2024-27728
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature...
CVE-2024-27729
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature...
CVE-2024-27731
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter...
CVE-2021-30141
Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid...
CVE-2024-39094
Friendica 2024.03 is affected by a Cross‑Site Scripting (XSS) vulnerability in the settings/profile area accessible via the homepage, xmpp, and matrix parameters. The issue targets the settings/profile component and is exploited through crafted input in those parameters, with details indicating u...
PT-2024-28348 · Friendica · Friendica
Name of the Vulnerable Software and Affected Versions: Friendica version 2024.03 Description: The issue is related to Cross Site Scripting XSS in the settings/profile section via the homepage, xmpp, and matrix parameters. This allows for potential malicious script execution. Recommendations: For...
Friendica Security Vulnerability
Friendica is an application of the German Friendica community. It provides decentralized social networking. A security vulnerability exists in Friendica version 2024.03, which stems from susceptibility to cross-site scripting attacks in settings/configuration files via homepage, xmpp and matrix...