CVE-2024-39094

Name of the Vulnerable Software and Affected Versions Friendica version 2024.03

Description The issue is related to Cross Site Scripting (XSS) in the settings/profile section via the homepage, xmpp, and matrix parameters. This allows for potential malicious script execution.

Recommendations For Friendica version 2024.03, as a temporary workaround, consider restricting access to the settings/profile section until a patch is available. Avoid using the homepage, xmpp, and matrix parameters in the affected settings/profile section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.