Описание
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2023.12 (включая) до 2024.03 (исключая)
cpe:2.3:a:friendica:friendica:*:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.0025
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 2 года назад
Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function.
EPSS
Процентиль: 48%
0.0025
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79