CVE-2025-63441

HIGH

Open Source Social Network 8.6 - Cross-Site Scripting via Administrator Friends Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-63441: a PoC writeup published by Kgan0509.

AI-analyzed exploit summary: This repository contains a writeup for CVE-2025-63441, detailing a reflected XSS vulnerability in the OSSN application's `u/administrator/friends` endpoint. The vulnerability allows attackers to inject script via an attacker-supplied value in a URL parameter, which the page reflects into its HTML without encoding.

Description

Open Source Social Network (OSSN) 8.6 is vulnerable to Cross-Site Scripting (XSS) via the parameter `param` at the endpoint `u/administrator/friends`. The value is reflected into the response page, so a victim who opens an attacker-crafted URL has the injected script run in the context of the OSSN site.
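The two checks a practitioner wants for a reflected-XSS advisory like this one are (a) a non-destructive way to confirm whether the named parameter is still reflected unencoded before and after patching, and (b) a way to spot attempts in web-server access logs. The script below is an added example written for this page; it is neither OSSN code nor the PoC author's code. It takes the endpoint path `u/administrator/friends` and the parameter name `param` from the description above; the base URL `https://ossn.example`, the response bodies and the access-log lines are constructed so that it runs offline. It sends no requests: you would fetch the probe URL yourself and pass the body to `classify_reflection`.

```python
"""Reflection probe builder, response classifier and access-log scan for
the CVE-2025-63441 pattern (OSSN 8.6, `param` at u/administrator/friends).
Added example for this page, not OSSN or PoC code. All inputs below are
constructed; nothing here talks to a network."""

import html
import re
from urllib.parse import parse_qs, unquote, urlencode, urlsplit

ENDPOINT = "u/administrator/friends"  # endpoint named in the advisory
PARAM = "param"                       # parameter named in the advisory


def make_marker(canary: str) -> str:
    """Wrap an inert canary in the characters an HTML sink must encode.
    No script is needed to prove the bug: if '<' and '"' come back raw,
    the sink is injectable."""
    return f'<"{canary}">'


def build_probe(base_url: str, canary: str) -> str:
    """Probe URL for the advisory's endpoint with the canary in `param`."""
    query = urlencode({PARAM: make_marker(canary)})
    return f"{base_url.rstrip('/')}/{ENDPOINT}?{query}"


def classify_reflection(body: str, marker: str) -> str:
    """Say how a fetched response body reflected the marker.
    'reflected-unencoded' is the vulnerable case; 'reflected-encoded'
    is what a correctly escaping page returns."""
    if marker in body:
        return "reflected-unencoded"
    if html.escape(marker, quote=True) in body:
        return "reflected-encoded"
    canary = marker[2:-2]
    if canary in body:
        return "reflected-other-encoding"  # e.g. numeric entities; inspect
    return "not-reflected"


# Matches the request line of a common/combined-format access log entry.
_REQUEST_LINE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')
# Crude but useful indicators of script injection in a reflected value.
_SCRIPTY = re.compile(r"<\s*script|on\w+\s*=|javascript:", re.IGNORECASE)


def flag_suspicious_requests(log_lines):
    """Return (path, decoded value) for requests to the advisory's endpoint
    whose `param` value looks like script. Values are unquoted once more
    after parse_qs to catch double-encoded payloads."""
    hits = []
    for line in log_lines:
        m = _REQUEST_LINE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/" + ENDPOINT):
            continue
        for value in parse_qs(parts.query).get(PARAM, []):
            decoded = unquote(value)
            if _SCRIPTY.search(decoded):
                hits.append((parts.path, decoded))
    return hits


# Constructed sample data (not captured from a real OSSN instance).
CANARY = "x7k2q"
MARKER = make_marker(CANARY)
VULN_BODY = '<div class="ossn-friends">Results for <"x7k2q"></div>'
SAFE_BODY = '<div class="ossn-friends">Results for &lt;&quot;x7k2q&quot;&gt;</div>'
SAMPLE_LOGS = [
    '203.0.113.5 - - [03/Nov/2025:10:00:00 +0000] "GET /u/administrator/friends?param=alice HTTP/1.1" 200 512',
    '203.0.113.9 - - [03/Nov/2025:10:00:02 +0000] "GET /u/administrator/friends?param=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 700',
    '203.0.113.9 - - [03/Nov/2025:10:00:03 +0000] "GET /u/administrator/profile?param=%3Cscript%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    print(build_probe("https://ossn.example", CANARY))
    print("vulnerable body:", classify_reflection(VULN_BODY, MARKER))
    print("patched body:   ", classify_reflection(SAFE_BODY, MARKER))
    print("log hits:", flag_suspicious_requests(SAMPLE_LOGS))
```

The probe deliberately carries no executable payload: raw `<` and `"` in the response are sufficient evidence, and the same URL can be re-run after upgrading to confirm the value now comes back as `&lt;&quot;…&quot;&gt;`. The log scan only inspects the one endpoint and parameter the advisory names; widen `ENDPOINT`/`PARAM` if you want the same check across other OSSN routes.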

Exploits (1)

nomisec WRITEUP
by Kgan0509 · poc
https://github.com/Kgan0509/CVE-2025-63441

Classification: Writeup (90% confidence)
Attack type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Open Source Social Network (OSSN) < 8.7
Authentication: none needed, per this analysis. Note that the CVSS vector below records PR:L (low privileges required) and UI:R, so verify whether the endpoint is reachable without a session before treating this as unauthenticated.
Prerequisites: access to the vulnerable endpoint; ability to craft a malicious URL that a victim opens
MITRE ATT&CK: none listed
Analysis by devstral-2, Feb 16, 2026

Scores

CVSS v3.1 base score: 7.3 (High)
EPSS: 0.0023 (0.23%)
EPSS percentile: 13.9%
Attack vector: Network
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: no
Technical impact: partial

Details

CWE
CWE-79
Status published
Products (1)
opensource-socialnetwork/open_source_social_network 8.6
Published Nov 03, 2025
Tracked Since Feb 18, 2026