CVE-2024-27731
- Source
- https://cve.org/CVERecord?id=CVE-2024-27731
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27731.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-27731
- Published
- 2024-08-15T19:15:18.770Z
- Modified
- 2025-11-15T18:42:45.427209Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.
- References
Affected packages
Git / github.com/friendica/friendica
Affected ranges
- Type
- GIT
- Repo
- https://github.com/friendica/friendica
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
2.*
2.2
2.21
2.3
2.32
2.33
2.34
2.35
2.36
2.37
2.38
2.39
2.3beta1
2.3beta2
2018.*
2018.05
2018.09
2019.*
2019.01
2019.03
2019.04
2019.06
2019.09
2019.12
2020.*
2020.03
2020.07
2020.07-1
2020.09
2020.09-1
2021.*
2021.01
2021.04
2021.07
2021.09
2022.*
2022.02
2022.03
2022.06
2022.10
2022.12
2023.*
2023.01
2023.04
2023.04-1
2023.05
2023.12
3.*
3.0
3.01
3.1
3.2
3.3
3.3-RC
3.3.1
3.3.2
3.3.3
3.3rc
3.4
3.4.1
3.4.2
3.4.3
3.4.3-2
3.5
3.5.1
3.5.2
3.5.3
3.5.4
3.6