Vulnerabilities > Facebook > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-19 CVE-2023-5654 Unspecified vulnerability in Facebook React-Devtools
The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser.
network
low complexity
facebook
6.5
2023-04-29 CVE-2023-30792 Cross-site Scripting vulnerability in Facebook Lexical
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.
network
low complexity
facebook CWE-79
6.1
2022-03-23 CVE-2020-20093 Unspecified vulnerability in Facebook Messenger
The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.
network
facebook
4.3
2022-03-23 CVE-2020-20094 Unspecified vulnerability in Facebook Instagram
Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.
network
facebook
4.3
2021-12-13 CVE-2021-24045 Type Confusion vulnerability in Facebook Hermes
A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0.
network
facebook CWE-843
6.8
2021-10-26 CVE-2019-3556 Path Traversal vulnerability in Facebook Hhvm
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP.
network
low complexity
facebook CWE-22
5.5
2021-09-10 CVE-2021-39207 Deserialization of Untrusted Data vulnerability in Facebook Parlai
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets.
network
low complexity
facebook CWE-502
6.5
2021-04-12 CVE-2021-24218 Cross-Site Request Forgery (CSRF) vulnerability in Facebook
The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection.
network
facebook CWE-352
6.8
2021-03-15 CVE-2021-24029 Reachable Assertion vulnerability in Facebook Mvfst and Proxygen
A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion.
network
low complexity
facebook CWE-617
5.0
2021-03-11 CVE-2020-1899 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Facebook Hhvm
The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization.
network
low complexity
facebook CWE-119
5.0