CVE-2024-27729

Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.
Configurations

Configuration 1 (hide)

cpe:2.3:a:friendica:friendica:2023.12:*:*:*:*:*:*:*

History

11 Sep 2024, 20:29

Type Values Removed Values Added
First Time Friendica friendica
Friendica
CPE cpe:2.3:a:friendica:friendica:2023.12:*:*:*:*:*:*:*
References () https://github.com/friendica/friendica/pull/13927 - () https://github.com/friendica/friendica/pull/13927 - Issue Tracking
References () https://leo.oliver.nz/posts/2024/05/friendica-cve-disclosures/ - () https://leo.oliver.nz/posts/2024/05/friendica-cve-disclosures/ - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : 7.4
v2 : unknown
v3 : 6.1

03 Sep 2024, 18:35

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.4

19 Aug 2024, 13:00

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de Cross Site Scripting en Friendica v.2023.12 permite a un atacante remoto obtener información confidencial a través del parámetro location de la función de eventos del calendario.

15 Aug 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-15 19:15

Updated : 2024-09-11 20:29


NVD link : CVE-2024-27729

Mitre link : CVE-2024-27729

CVE.ORG link : CVE-2024-27729


JSON object : View

Products Affected

friendica

  • friendica
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')