CVE-2025-63441

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-63441
Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter param` at endpoint u/administrator/friends.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/opensource-socialnetwork/opensource-socialnetwork/issues/2501 Vendor Advisory Issue Tracking
https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/8.6 Release Notes
https://www.opensource-socialnetwork.org/discussion/view/7663/open-source-social-network-ossn-86-has-been-released Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:opensource-socialnetwork:open_source_social_network:8.6:*:*:*:*:*:*:*
History

04 Feb 2026, 20:18

Type Values Removed Values Added
CPE cpe:2.3:a:opensource-socialnetwork:open_source_social_network:8.6:*:*:*:*:*:*:*
First Time Opensource-socialnetwork open Source Social Network
Opensource-socialnetwork
References () https://github.com/opensource-socialnetwork/opensource-socialnetwork/issues/2501 - () https://github.com/opensource-socialnetwork/opensource-socialnetwork/issues/2501 - Vendor Advisory, Issue Tracking
References () https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/8.6 - () https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/8.6 - Release Notes
References () https://www.opensource-socialnetwork.org/discussion/view/7663/open-source-social-network-ossn-86-has-been-released - () https://www.opensource-socialnetwork.org/discussion/view/7663/open-source-social-network-ossn-86-has-been-released - Product

03 Nov 2025, 19:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.3
CWE CWE-79

03 Nov 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-11-03 17:15

Updated : 2026-02-04 20:18

NVD link : CVE-2025-63441

Mitre link : CVE-2025-63441

CVE.ORG link : CVE-2025-63441

JSON object : View

Products Affected

opensource-socialnetwork

  • open_source_social_network
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')