Opensource Socialnetwork
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41309 | Hig | 0.46 | 8.2 | 0.00 | Apr 24, 2026 | Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions (e.g., $10000 \times 10000$ pixels). While… | ||
| CVE-2025-63585 | 0.00 | — | 0.00 | Nov 5, 2025 | OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter. | |||
| CVE-2025-63441 | 0.00 | — | 0.00 | Nov 3, 2025 | Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter param` at endpoint u/administrator/friends. | |||
| CVE-2020-10560 | 0.00 | — | 0.04 | Mar 30, 2020 | An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force… |
- risk 0.46cvss 8.2epss 0.00
Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions (e.g., $10000 \times 10000$ pixels). While…
- CVE-2025-63585Nov 5, 2025risk 0.00cvss —epss 0.00
OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter.
- CVE-2025-63441Nov 3, 2025risk 0.00cvss —epss 0.00
Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter param` at endpoint u/administrator/friends.
- CVE-2020-10560Mar 30, 2020risk 0.00cvss —epss 0.04
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force…