Description
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.
References
- Issue Tracking, Patch
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:friendica:friendica:2023.12:*:*:*:*:*:*:*
EPSS: 0.00227 (Low), percentile: 45%
CVSS3: 6.1 Medium
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 6.1
github
more than 1 year ago
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.