{"id":"CVE-2024-27731","details":"Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.","modified":"2026-04-10T05:11:17.566206Z","published":"2024-08-15T19:15:18.770Z","references":[{"type":"FIX","url":"https://github.com/friendica/friendica/pull/13927"},{"type":"EVIDENCE","url":"https://leo.oliver.nz/posts/2024/05/friendica-cve-disclosures/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/friendica/friendica","events":[{"introduced":"0"},{"last_affected":"d4a5a8051ad34a7be72238967afb3e6b140afdc8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2023.12"}]}}],"versions":["2.2","2.21","2.3","2.32","2.33","2.34","2.35","2.37","2.38","2.39","2.3beta1","2.3beta2","2019.01","2019.03","2019.09","2020.03","2020.07","2020.09-1","2021.01","2021.04","2021.09","2022.02","2022.03","2022.06","2022.10","2022.12","2023.01","2023.04","2023.04-1","2023.05","2023.12","3.0","3.01","3.1","3.2","3.3","3.3-RC","3.5.3","3.5.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27731.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}