
CVE-2025-63441 PoC — Open Source Social Network security vulnerability

Source
Associated Vulnerability
Title: Open Source Social Network security vulnerability (CVE-2025-63441)
Description: Open Source Social Network (OSSN) is an open-source social networking engine from the Swiss OSSN team. OSSN version 8.6 contains a security vulnerability caused by incorrect handling of the parameter param at the endpoint u/administrator/friends, which may lead to cross-site scripting attacks.
Readme
# CVE-2025-63441

**Title:** 
Reflected XSS via the name of an arbitrarily supplied URL parameter (`param`) at endpoint `u/administrator/friends`

**Summary:**
A reflected Cross-Site Scripting (XSS) vulnerability was identified in the `u/administrator/friends` endpoint of the OSSN application.
The vulnerability allows attackers to inject malicious scripts through the name of an arbitrarily supplied URL parameter, which is reflected into the page without encoding.

**Impact:**
- Perform virtual defacement of the web site.
- Carry out any action that the user is able to perform.
- Redirect the user to a competing site.
- Capture the user's (admin) session cookie.

Fixed in OSSN 8.7 and above.
**GitHub:** https://github.com/opensource-socialnetwork/opensource-socialnetwork/issues/2501

**PoC:**
Payload: `?tcjz4'><script>alert(origin)<%2fscript>fefyj=1`
<img width="1918" height="962" alt="image" src="https://github.com/user-attachments/assets/9843e99d-5623-47d7-ac68-1a21b2e70f8f" />
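As an added example (not part of the original PoC or of OSSN), the following Python scan runs over constructed access-log lines and flags requests whose query parameter *names*, rather than values, carry HTML metacharacters, since a name-reflection bug like this one is missed by rules that only inspect parameter values. The combined log format and the endpoint path are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters that never belong in a legitimate query parameter *name*;
# their presence means the name itself is being used to carry markup.
MARKUP_CHARS = set("<>\"'")

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from any real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Nov/2025:10:00:01 +0000] "GET /u/administrator/friends?offset=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Nov/2025:10:00:07 +0000] "GET /u/administrator/friends?tcjz4\'><script>alert(origin)<%2fscript>fefyj=1 HTTP/1.1" 200 5211 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Nov/2025:10:01:13 +0000] "GET /u/administrator/friends?%3Cb%3Ex=1 HTTP/1.1" 200 5130 "-" "curl/8.4"',
    '198.51.100.9 - - [10/Nov/2025:10:02:00 +0000] "GET /home?q=%3Cscript%3E HTTP/1.1" 200 900 "-" "curl/8.4"',
]


def suspicious_param_names(request_target):
    """Return decoded query parameter names containing HTML metacharacters.
    parse_qsl already URL-decodes once; the extra unquote() catches
    double-encoded names such as %253C that a server may decode twice."""
    query = urlsplit(request_target).query
    flagged = []
    for name, _value in parse_qsl(query, keep_blank_values=True):
        decoded = unquote(name)
        if MARKUP_CHARS & set(decoded):
            flagged.append(decoded)
    return flagged


def scan_access_log(lines):
    """Return (request target, flagged names) for entries whose parameter
    names carry markup. Values are ignored on purpose: this finding reflects
    the name, so the value-only /home entry is a different rule's job."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        flagged = suspicious_param_names(match.group("target"))
        if flagged:
            hits.append((match.group("target"), flagged))
    return hits


if __name__ == "__main__":
    for target, names in scan_access_log(SAMPLE_LOG):
        print(f"{target}\n    reflected-name candidates: {names}")
```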



File Snapshot

[4.0K] /data/pocs/0913e802f3cef838e009ed37cf57c8240c522f25
└── [ 920] README.md

1 directory, 1 file