3 matches found
CVE-2020-10560
OSSN prior to 5.3 is vulnerable to an unauthenticated arbitrary file read. A user-controlled file path combined with a weak cryptographic SiteKey can be brute-forced to craft a URL that targets components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php, allowing reading arbitrary ...
CVE-2025-63441
CVE-2025-63441 affects Open Source Social Network (OSSN) 8.6. The connected documents identify a Cross-Site Scripting (XSS) vulnerability exploitable via the parameter named param at the endpoint /u/administrator/friends. The CVSS v3.1 vector indicates Network attack, Low attack complexity, Low p...
CVE-2025-63585
OSSN 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter. The vulnerability is a SQLi in the timestamp field that can lead to data disclosure/modification under certain DB permissions, with evidence of a time-based blind exploit demonstrated in public GitHu...