Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by openteknik
CVE-2022-34966 (GCVE-0-2022-34966)
Vulnerability from nvd – Published: 2022-07-25 18:35 – Updated: 2024-08-03 09:22
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.opensource-socialnetwork.org/ | x_refsource_MISC |
| https://github.com/opensource-socialnetwork/opens… | x_refsource_MISC |
| https://www.openteknik.com/contact?channel=ossn | x_refsource_MISC |
| https://grimthereaperteam.medium.com/cve-2022-349… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T18:35:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opensource-socialnetwork.org/",
"refsource": "MISC",
"url": "https://www.opensource-socialnetwork.org/"
},
{
"name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3",
"refsource": "MISC",
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"name": "https://www.openteknik.com/contact?channel=ossn",
"refsource": "MISC",
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"name": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6",
"refsource": "MISC",
"url": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34966",
"datePublished": "2022-07-25T18:35:34.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34962 (GCVE-0-2022-34962)
Vulnerability from nvd – Published: 2022-07-25 17:17 – Updated: 2024-08-03 09:22
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.opensource-socialnetwork.org/ | x_refsource_MISC |
| https://github.com/opensource-socialnetwork/opens… | x_refsource_MISC |
| https://www.openteknik.com/contact?channel=ossn | x_refsource_MISC |
| https://grimthereaperteam.medium.com/cve-2022-349… | x_refsource_MISC |
| https://github.com/bypazs/CVE-2022-34962 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34962-ossn-6-3-lts-stored-xss-vulnerability-at-group-timeline-6ebe28dd6034"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bypazs/CVE-2022-34962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T17:17:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34962-ossn-6-3-lts-stored-xss-vulnerability-at-group-timeline-6ebe28dd6034"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bypazs/CVE-2022-34962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opensource-socialnetwork.org/",
"refsource": "MISC",
"url": "https://www.opensource-socialnetwork.org/"
},
{
"name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3",
"refsource": "MISC",
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"name": "https://www.openteknik.com/contact?channel=ossn",
"refsource": "MISC",
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"name": "https://grimthereaperteam.medium.com/cve-2022-34962-ossn-6-3-lts-stored-xss-vulnerability-at-group-timeline-6ebe28dd6034",
"refsource": "MISC",
"url": "https://grimthereaperteam.medium.com/cve-2022-34962-ossn-6-3-lts-stored-xss-vulnerability-at-group-timeline-6ebe28dd6034"
},
{
"name": "https://github.com/bypazs/CVE-2022-34962",
"refsource": "MISC",
"url": "https://github.com/bypazs/CVE-2022-34962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34962",
"datePublished": "2022-07-25T17:17:53.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34965 (GCVE-0-2022-34965)
Vulnerability from nvd – Published: 2022-07-25 00:00 – Updated: 2024-08-03 09:22 Disputed
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files.
Severity
7.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openteknik | open_source_social_network |
Affected:
6.3
cpe:2.3:a:openteknik:open_source_social_network:6.3:*:*:*:lts:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openteknik:open_source_social_network:6.3:*:*:*:lts:*:*:*"
],
"defaultStatus": "unknown",
"product": "open_source_social_network",
"vendor": "openteknik",
"versions": [
{
"status": "affected",
"version": "6.3"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34965",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T20:35:13.561540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T20:37:55.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34965-open-source-social-network-6-3-3f61db82880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T20:57:49.859Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.opensource-socialnetwork.org/"
},
{
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"url": "https://grimthereaperteam.medium.com/cve-2022-34965-open-source-social-network-6-3-3f61db82880"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34965",
"datePublished": "2022-07-25T00:00:00.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34964 (GCVE-0-2022-34964)
Vulnerability from nvd – Published: 2022-07-25 14:52 – Updated: 2024-08-03 09:22
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.opensource-socialnetwork.org/ | x_refsource_MISC |
| https://github.com/opensource-socialnetwork/opens… | x_refsource_MISC |
| https://www.openteknik.com/contact?channel=ossn | x_refsource_MISC |
| https://grimthereaperteam.medium.com/ossn-6-3-lts… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/ossn-6-3-lts-stored-xss-vulnerability-at-sitepages-ba91bbeccf1c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T14:52:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grimthereaperteam.medium.com/ossn-6-3-lts-stored-xss-vulnerability-at-sitepages-ba91bbeccf1c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opensource-socialnetwork.org/",
"refsource": "MISC",
"url": "https://www.opensource-socialnetwork.org/"
},
{
"name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3",
"refsource": "MISC",
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"name": "https://www.openteknik.com/contact?channel=ossn",
"refsource": "MISC",
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"name": "https://grimthereaperteam.medium.com/ossn-6-3-lts-stored-xss-vulnerability-at-sitepages-ba91bbeccf1c",
"refsource": "MISC",
"url": "https://grimthereaperteam.medium.com/ossn-6-3-lts-stored-xss-vulnerability-at-sitepages-ba91bbeccf1c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34964",
"datePublished": "2022-07-25T14:52:25.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34963 (GCVE-0-2022-34963)
Vulnerability from nvd – Published: 2022-07-25 14:30 – Updated: 2024-08-03 09:22
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.opensource-socialnetwork.org/ | x_refsource_MISC |
| https://github.com/opensource-socialnetwork/opens… | x_refsource_MISC |
| https://www.openteknik.com/contact?channel=ossn | x_refsource_MISC |
| https://grimthereaperteam.medium.com/cve-2022-349… | x_refsource_MISC |
| https://github.com/bypazs/CVE-2022-34963 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34963-ossn-6-3-lts-stored-xss-vulnerability-at-news-feed-b8ae8f2fa5f3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bypazs/CVE-2022-34963"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T14:30:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34963-ossn-6-3-lts-stored-xss-vulnerability-at-news-feed-b8ae8f2fa5f3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bypazs/CVE-2022-34963"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opensource-socialnetwork.org/",
"refsource": "MISC",
"url": "https://www.opensource-socialnetwork.org/"
},
{
"name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3",
"refsource": "MISC",
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"name": "https://www.openteknik.com/contact?channel=ossn",
"refsource": "MISC",
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"name": "https://grimthereaperteam.medium.com/cve-2022-34963-ossn-6-3-lts-stored-xss-vulnerability-at-news-feed-b8ae8f2fa5f3",
"refsource": "MISC",
"url": "https://grimthereaperteam.medium.com/cve-2022-34963-ossn-6-3-lts-stored-xss-vulnerability-at-news-feed-b8ae8f2fa5f3"
},
{
"name": "https://github.com/bypazs/CVE-2022-34963",
"refsource": "MISC",
"url": "https://github.com/bypazs/CVE-2022-34963"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34963",
"datePublished": "2022-07-25T14:30:39.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34961 (GCVE-0-2022-34961)
Vulnerability from nvd – Published: 2022-07-25 14:39 – Updated: 2024-08-03 09:22
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.opensource-socialnetwork.org/ | x_refsource_MISC |
| https://github.com/opensource-socialnetwork/opens… | x_refsource_MISC |
| https://www.openteknik.com/contact?channel=ossn | x_refsource_MISC |
| https://github.com/bypazs/CVE-2022-34961 | x_refsource_MISC |
| https://grimthereaperteam.medium.com/cve-2022-349… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bypazs/CVE-2022-34961"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34961-ossn-6-3-lts-stored-xss-vulnerability-at-users-timeline-819a9d4e5e6c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T14:39:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bypazs/CVE-2022-34961"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34961-ossn-6-3-lts-stored-xss-vulnerability-at-users-timeline-819a9d4e5e6c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opensource-socialnetwork.org/",
"refsource": "MISC",
"url": "https://www.opensource-socialnetwork.org/"
},
{
"name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3",
"refsource": "MISC",
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"name": "https://www.openteknik.com/contact?channel=ossn",
"refsource": "MISC",
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"name": "https://github.com/bypazs/CVE-2022-34961",
"refsource": "MISC",
"url": "https://github.com/bypazs/CVE-2022-34961"
},
{
"name": "https://grimthereaperteam.medium.com/cve-2022-34961-ossn-6-3-lts-stored-xss-vulnerability-at-users-timeline-819a9d4e5e6c",
"refsource": "MISC",
"url": "https://grimthereaperteam.medium.com/cve-2022-34961-ossn-6-3-lts-stored-xss-vulnerability-at-users-timeline-819a9d4e5e6c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34961",
"datePublished": "2022-07-25T14:39:27.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34966 (GCVE-0-2022-34966)
Vulnerability from cvelistv5 – Published: 2022-07-25 18:35 – Updated: 2024-08-03 09:22
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.opensource-socialnetwork.org/ | x_refsource_MISC |
| https://github.com/opensource-socialnetwork/opens… | x_refsource_MISC |
| https://www.openteknik.com/contact?channel=ossn | x_refsource_MISC |
| https://grimthereaperteam.medium.com/cve-2022-349… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T18:35:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opensource-socialnetwork.org/",
"refsource": "MISC",
"url": "https://www.opensource-socialnetwork.org/"
},
{
"name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3",
"refsource": "MISC",
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"name": "https://www.openteknik.com/contact?channel=ossn",
"refsource": "MISC",
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"name": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6",
"refsource": "MISC",
"url": "https://grimthereaperteam.medium.com/cve-2022-34966-ossn-6-3-lts-html-injection-vulnerability-at-location-parameter-3fe791dd22c6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34966",
"datePublished": "2022-07-25T18:35:34.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34962 (GCVE-0-2022-34962)
Vulnerability from cvelistv5 – Published: 2022-07-25 17:17 – Updated: 2024-08-03 09:22
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.opensource-socialnetwork.org/ | x_refsource_MISC |
| https://github.com/opensource-socialnetwork/opens… | x_refsource_MISC |
| https://www.openteknik.com/contact?channel=ossn | x_refsource_MISC |
| https://grimthereaperteam.medium.com/cve-2022-349… | x_refsource_MISC |
| https://github.com/bypazs/CVE-2022-34962 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34962-ossn-6-3-lts-stored-xss-vulnerability-at-group-timeline-6ebe28dd6034"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bypazs/CVE-2022-34962"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T17:17:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34962-ossn-6-3-lts-stored-xss-vulnerability-at-group-timeline-6ebe28dd6034"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bypazs/CVE-2022-34962"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opensource-socialnetwork.org/",
"refsource": "MISC",
"url": "https://www.opensource-socialnetwork.org/"
},
{
"name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3",
"refsource": "MISC",
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"name": "https://www.openteknik.com/contact?channel=ossn",
"refsource": "MISC",
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"name": "https://grimthereaperteam.medium.com/cve-2022-34962-ossn-6-3-lts-stored-xss-vulnerability-at-group-timeline-6ebe28dd6034",
"refsource": "MISC",
"url": "https://grimthereaperteam.medium.com/cve-2022-34962-ossn-6-3-lts-stored-xss-vulnerability-at-group-timeline-6ebe28dd6034"
},
{
"name": "https://github.com/bypazs/CVE-2022-34962",
"refsource": "MISC",
"url": "https://github.com/bypazs/CVE-2022-34962"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34962",
"datePublished": "2022-07-25T17:17:53.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34964 (GCVE-0-2022-34964)
Vulnerability from cvelistv5 – Published: 2022-07-25 14:52 – Updated: 2024-08-03 09:22
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.opensource-socialnetwork.org/ | x_refsource_MISC |
| https://github.com/opensource-socialnetwork/opens… | x_refsource_MISC |
| https://www.openteknik.com/contact?channel=ossn | x_refsource_MISC |
| https://grimthereaperteam.medium.com/ossn-6-3-lts… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.964Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/ossn-6-3-lts-stored-xss-vulnerability-at-sitepages-ba91bbeccf1c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T14:52:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grimthereaperteam.medium.com/ossn-6-3-lts-stored-xss-vulnerability-at-sitepages-ba91bbeccf1c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opensource-socialnetwork.org/",
"refsource": "MISC",
"url": "https://www.opensource-socialnetwork.org/"
},
{
"name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3",
"refsource": "MISC",
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"name": "https://www.openteknik.com/contact?channel=ossn",
"refsource": "MISC",
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"name": "https://grimthereaperteam.medium.com/ossn-6-3-lts-stored-xss-vulnerability-at-sitepages-ba91bbeccf1c",
"refsource": "MISC",
"url": "https://grimthereaperteam.medium.com/ossn-6-3-lts-stored-xss-vulnerability-at-sitepages-ba91bbeccf1c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34964",
"datePublished": "2022-07-25T14:52:25.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34961 (GCVE-0-2022-34961)
Vulnerability from cvelistv5 – Published: 2022-07-25 14:39 – Updated: 2024-08-03 09:22
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.opensource-socialnetwork.org/ | x_refsource_MISC |
| https://github.com/opensource-socialnetwork/opens… | x_refsource_MISC |
| https://www.openteknik.com/contact?channel=ossn | x_refsource_MISC |
| https://github.com/bypazs/CVE-2022-34961 | x_refsource_MISC |
| https://grimthereaperteam.medium.com/cve-2022-349… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.926Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bypazs/CVE-2022-34961"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34961-ossn-6-3-lts-stored-xss-vulnerability-at-users-timeline-819a9d4e5e6c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T14:39:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bypazs/CVE-2022-34961"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34961-ossn-6-3-lts-stored-xss-vulnerability-at-users-timeline-819a9d4e5e6c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opensource-socialnetwork.org/",
"refsource": "MISC",
"url": "https://www.opensource-socialnetwork.org/"
},
{
"name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3",
"refsource": "MISC",
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"name": "https://www.openteknik.com/contact?channel=ossn",
"refsource": "MISC",
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"name": "https://github.com/bypazs/CVE-2022-34961",
"refsource": "MISC",
"url": "https://github.com/bypazs/CVE-2022-34961"
},
{
"name": "https://grimthereaperteam.medium.com/cve-2022-34961-ossn-6-3-lts-stored-xss-vulnerability-at-users-timeline-819a9d4e5e6c",
"refsource": "MISC",
"url": "https://grimthereaperteam.medium.com/cve-2022-34961-ossn-6-3-lts-stored-xss-vulnerability-at-users-timeline-819a9d4e5e6c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34961",
"datePublished": "2022-07-25T14:39:27.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34963 (GCVE-0-2022-34963)
Vulnerability from cvelistv5 – Published: 2022-07-25 14:30 – Updated: 2024-08-03 09:22
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://www.opensource-socialnetwork.org/ | x_refsource_MISC |
| https://github.com/opensource-socialnetwork/opens… | x_refsource_MISC |
| https://www.openteknik.com/contact?channel=ossn | x_refsource_MISC |
| https://grimthereaperteam.medium.com/cve-2022-349… | x_refsource_MISC |
| https://github.com/bypazs/CVE-2022-34963 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34963-ossn-6-3-lts-stored-xss-vulnerability-at-news-feed-b8ae8f2fa5f3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bypazs/CVE-2022-34963"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T14:30:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34963-ossn-6-3-lts-stored-xss-vulnerability-at-news-feed-b8ae8f2fa5f3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bypazs/CVE-2022-34963"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-34963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.opensource-socialnetwork.org/",
"refsource": "MISC",
"url": "https://www.opensource-socialnetwork.org/"
},
{
"name": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3",
"refsource": "MISC",
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"name": "https://www.openteknik.com/contact?channel=ossn",
"refsource": "MISC",
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"name": "https://grimthereaperteam.medium.com/cve-2022-34963-ossn-6-3-lts-stored-xss-vulnerability-at-news-feed-b8ae8f2fa5f3",
"refsource": "MISC",
"url": "https://grimthereaperteam.medium.com/cve-2022-34963-ossn-6-3-lts-stored-xss-vulnerability-at-news-feed-b8ae8f2fa5f3"
},
{
"name": "https://github.com/bypazs/CVE-2022-34963",
"refsource": "MISC",
"url": "https://github.com/bypazs/CVE-2022-34963"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34963",
"datePublished": "2022-07-25T14:30:39.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-34965 (GCVE-0-2022-34965)
Vulnerability from cvelistv5 – Published: 2022-07-25 00:00 – Updated: 2024-08-03 09:22 Disputed
VLAI
Summary
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files.
Severity
7.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| openteknik | open_source_social_network |
Affected:
6.3
cpe:2.3:a:openteknik:open_source_social_network:6.3:*:*:*:lts:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openteknik:open_source_social_network:6.3:*:*:*:lts:*:*:*"
],
"defaultStatus": "unknown",
"product": "open_source_social_network",
"vendor": "openteknik",
"versions": [
{
"status": "affected",
"version": "6.3"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-34965",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T20:35:13.561540Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T20:37:55.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:22:10.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.opensource-socialnetwork.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"tags": [
"x_transferred"
],
"url": "https://grimthereaperteam.medium.com/cve-2022-34965-open-source-social-network-6-3-3f61db82880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-03T20:57:49.859Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.opensource-socialnetwork.org/"
},
{
"url": "https://github.com/opensource-socialnetwork/opensource-socialnetwork/releases/tag/6.3"
},
{
"url": "https://www.openteknik.com/contact?channel=ossn"
},
{
"url": "https://grimthereaperteam.medium.com/cve-2022-34965-open-source-social-network-6-3-3f61db82880"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-34965",
"datePublished": "2022-07-25T00:00:00.000Z",
"dateReserved": "2022-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:22:10.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}