CVE-2024-27729

HIGH Year: 2024
CVSS v3 Score
7.4
High
Weakness Type
CWE-79
View all →

Vulnerability Description

Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature.

Related Vulnerabilities

CVE-2016-2512

HIGH
CVSS:7.4(High)

The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cro...

CWE-792016

CVE-2019-0130

HIGH
CVSS:7.4(High)

Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network...

CWE-792019

CVE-2019-20514

HIGH
CVSS:7.4(High)

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ URI.

CWE-792019

CVE-2019-20515

HIGH
CVSS:7.4(High)

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresses/ URI.

CWE-792019

CVE-2019-20516

HIGH
CVSS:7.4(High)

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ URI.

CWE-792019

CVE-2019-20517

HIGH
CVSS:7.4(High)

ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ URI.

CWE-792019