{"id":"CVE-2024-39094","details":"Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the homepage, xmpp, and matrix parameters.","modified":"2026-04-10T05:13:32.842534Z","published":"2024-08-20T14:15:09.330Z","references":[{"type":"ADVISORY","url":"https://friendi.ca/2024/08/17/friendica-2024-08-released/"},{"type":"ADVISORY","url":"https://github.com/friendica/friendica/releases/tag/2024.08"},{"type":"REPORT","url":"https://github.com/friendica/friendica/issues/14220"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/friendica/friendica","events":[{"introduced":"0"},{"last_affected":"6da09c33683ec40cb4af2687fdd7447cdae5abbd"},{"fixed":"6d605f24eef13b0a77196a604bf05610f6d795ee"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2024.03"}]}}],"versions":["2.2","2.21","2.3","2.32","2.33","2.34","2.35","2.37","2.38","2.39","2.3beta1","2.3beta2","2019.01","2019.03","2019.09","2020.03","2020.07","2020.09-1","2021.01","2021.04","2021.09","2022.02","2022.03","2022.06","2022.10","2022.12","2023.01","2023.04","2023.04-1","2023.05","2023.12","2024.03","3.0","3.01","3.1","3.2","3.3","3.3-RC","3.5.3","3.5.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39094.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}