Medium severity6.1NVD Advisory· Published Apr 1, 2017· Updated May 13, 2026

CVE-2017-7390

Description

A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
movingbytes/social-networkPackagist	<= 1.2.1	—

Affected products

Socialnetwork Project/Socialnetwork
cpe:2.3:a:socialnetwork_project:socialnetwork:1.2.1:*:*:*:*:*:*:*

Patches

1b0799d08fda

Update pw_forgot.php

https://github.com/andreas83/SocialNetworkAndreas BederMar 23, 2017via ghsa

commit

1 file changed · +1 −1

app/template/pw_forgot.php+1 −1 modified

@@ -1,6 +1,6 @@
 <?php
 include("header.php");
-$mail=(isset($_POST['mail']) ? $_POST['mail'] : "" );
+$mail=(isset($_POST['mail']) && filter_var($_POST['mail'], FILTER_VALIDATE_EMAIL) ? $_POST['mail'] : "" );
                 
 ?>
 <div class="container">

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/andreas83/SocialNetwork/issues/84nvdIssue TrackingPatchThird Party AdvisoryWEB
github.com/advisories/GHSA-3fm8-7gpf-p8fmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-7390ghsaADVISORY
www.securityfocus.com/bid/97312nvdWEB
github.com/andreas83/SocialNetwork/commit/1b0799d08fda2f3099beaae1234b8b468deb8db1ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000