Opensource Socialnetwork
Products
2- 11 CVEs
- 4 CVEs
Recent CVEs
15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41309 | Hig | 0.46 | 8.2 | 0.00 | Apr 24, 2026 | Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions (e.g., $10000 \times 10000$ pixels). While… | ||
| CVE-2025-63585 | 0.00 | — | 0.00 | Nov 5, 2025 | OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter. | |||
| CVE-2025-63441 | 0.00 | — | 0.00 | Nov 3, 2025 | Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter param` at endpoint u/administrator/friends. | |||
| CVE-2023-6420 | 0.00 | — | 0.01 | Nov 30, 2023 | A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the… | |||
| CVE-2023-6419 | 0.00 | — | 0.01 | Nov 30, 2023 | A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the… | |||
| CVE-2023-6418 | 0.00 | — | 0.01 | Nov 30, 2023 | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server… | |||
| CVE-2023-6417 | 0.00 | — | 0.01 | Nov 30, 2023 | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server… | |||
| CVE-2023-6416 | 0.00 | — | 0.01 | Nov 30, 2023 | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signup2.php in the emailadd parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the… | |||
| CVE-2023-6415 | 0.00 | — | 0.01 | Nov 30, 2023 | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server… | |||
| CVE-2023-6414 | 0.00 | — | 0.01 | Nov 30, 2023 | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to… | |||
| CVE-2023-6413 | 0.00 | — | 0.01 | Nov 30, 2023 | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to… | |||
| CVE-2023-6412 | 0.00 | — | 0.01 | Nov 30, 2023 | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server… | |||
| CVE-2023-6411 | 0.00 | — | 0.01 | Nov 30, 2023 | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server… | |||
| CVE-2023-6410 | 0.00 | — | 0.01 | Nov 30, 2023 | A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the… | |||
| CVE-2020-10560 | 0.00 | — | 0.04 | Mar 30, 2020 | An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force… |
- risk 0.46cvss 8.2epss 0.00
Open Source Social Network (OSSN) is open-source social networking software developed in PHP. Versions prior to 9.0 are vulnerable to resource exhaustion. An attacker can upload a specially crafted image with extreme pixel dimensions (e.g., $10000 \times 10000$ pixels). While…
- CVE-2025-63585Nov 5, 2025risk 0.00cvss —epss 0.00
OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter.
- CVE-2025-63441Nov 3, 2025risk 0.00cvss —epss 0.00
Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter param` at endpoint u/administrator/friends.
- CVE-2023-6420Nov 30, 2023risk 0.00cvss —epss 0.01
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via signup2.php in the emailadd parameter, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the…
- CVE-2023-6419Nov 30, 2023risk 0.00cvss —epss 0.01
A vulnerability has been reported in Voovi Social Networking Script version 1.0 that allows a XSS via editprofile.php in multiple parameters, the exploitation of which could allow a remote attacker to send a specially crafted JavaScript payload and partially take over the…
- CVE-2023-6418Nov 30, 2023risk 0.00cvss —epss 0.01
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server…
- CVE-2023-6417Nov 30, 2023risk 0.00cvss —epss 0.01
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server…
- CVE-2023-6416Nov 30, 2023risk 0.00cvss —epss 0.01
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signup2.php in the emailadd parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the…
- CVE-2023-6415Nov 30, 2023risk 0.00cvss —epss 0.01
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server…
- CVE-2023-6414Nov 30, 2023risk 0.00cvss —epss 0.01
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to…
- CVE-2023-6413Nov 30, 2023risk 0.00cvss —epss 0.01
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to…
- CVE-2023-6412Nov 30, 2023risk 0.00cvss —epss 0.01
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server…
- CVE-2023-6411Nov 30, 2023risk 0.00cvss —epss 0.01
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the server…
- CVE-2023-6410Nov 30, 2023risk 0.00cvss —epss 0.01
A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted SQL query to the…
- CVE-2020-10560Mar 30, 2020risk 0.00cvss —epss 0.04
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force…