Leo0Liver

#9308of 53,633
29.4Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2024-22011
6.1
2024-08-15
Friendica · Friendica · CVE-2024-27728
**Name of the Vulnerable Software and Affected Versions** Friendica version 2023.12 **Description** The issue allows a remote attacker to obtain sensitive information via the `text` parameter of the babel debug feature. This is a Cross Site Scripting issue. **Recommendations** For Friendica version 2023.12, consider disabling the babel debug feature until a patch is available. Avoid using the `text` parameter in the affected feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2024-22012
7.4
2024-08-15
Friendica · Friendica · CVE-2024-27729
**Name of the Vulnerable Software and Affected Versions** Friendica version 2023.12 **Description** A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the `location` parameter of the calendar event feature. **Recommendations** For Friendica version 2023.12, consider restricting access to the calendar event feature until a patch is available. As a temporary workaround, avoid using the `location` parameter in the calendar event feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2024-22014
9.8
2024-08-15
Friendica · Friendica · CVE-2024-27730
**Name of the Vulnerable Software and Affected Versions** Friendica version 2023.12 **Description** The issue allows a remote attacker to obtain sensitive information and execute arbitrary code via the `cid` parameter of the calendar event feature. **Recommendations** For Friendica version 2023.12, consider restricting access to the calendar event feature until a patch is available. As a temporary workaround, avoid using the `cid` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-22015
6.1
2024-08-15
Friendica · Friendica · CVE-2024-27731
**Name of the Vulnerable Software and Affected Versions** Friendica version 2023.12 **Description** The issue allows a remote attacker to obtain sensitive information via the lack of file type filtering in the `file attachment parameter`. This is a Cross Site Scripting issue. **Recommendations** For Friendica version 2023.12, consider restricting the file types that can be attached to prevent exploitation until a patch is available. As a temporary workaround, disabling the file attachment feature can help minimize the risk of sensitive information being obtained.