CVE-2025-63441

high

Description

Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter param` at endpoint u/administrator/friends.

References

https://www.opensource-socialnetwork.org/discussion/view/7663/open-source-social-network-ossn-86-has-been-released

https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/8.6

https://github.com/opensource-socialnetwork/opensource-socialnetwork/issues/2501

Details

Source: Mitre, NVD

Published: 2025-11-03

Updated: 2025-11-04

Risk Information

CVSS v2

Base Score: 8.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00031