Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Link | Tags |
---|---|
https://leo.oliver.nz/posts/2024/05/friendica-cve-disclosures/ | exploit third party advisory |
https://github.com/friendica/friendica/pull/13927 | issue tracking patch |