PT-2025-44784 · Unknown · Ossn Open Source Social Network
Published: 2025-11-03 · Updated: 2025-11-03 · CVE-2025-63441
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Open Source Social Network (OSSN) version 8.6
Description
Open Source Social Network (OSSN) version 8.6 is susceptible to a Cross Site Scripting (XSS) issue. The issue occurs through the param parameter at the /u/administrator/friends API endpoint. This allows for potential malicious script injection.
Recommendations
Apply updates to address the issue in OSSN version 8.6. As a temporary workaround, consider restricting access to the /u/administrator/friends endpoint to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Ossn Open Source Social Network