friendica CVE Vulnerabilities & CVE List (7)

Products (CPE): — CVEs: 7

friendica vulnerability overview

Aggregates CVE and security vulnerability intelligence across all friendica-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk cross-site scripting and vendor risk path handling and related problems; some flaws may lead to vendor impact session compromise and vendor impact file overwrite.

Vulnerability distribution trend (last 24 months)

Showing 17 of 7 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2024-39094 Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters. [email protected] 5.4 0.32% 2024-08-20 2026-06-17
CVE-2024-27731 Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter. [email protected] 6.1 0.30% 2024-08-15 2026-06-17
CVE-2024-27730 Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature. [email protected] 9.8 0.80% 2024-08-15 2026-06-17
CVE-2024-27729 Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. [email protected] 6.1 0.37% 2024-08-15 2026-06-17
CVE-2024-27728 Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. [email protected] 6.1 0.31% 2024-08-15 2026-06-17
CVE-2024-26495 Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function. [email protected] 6.1 0.50% 2024-04-02 2026-06-17
CVE-2021-30141 Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states "the feature still requires a valid authentication cookie even if the route is accessible to non-logged users. [email protected] 7.5 1.52% 2021-04-05 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence