CVE-2022-34963: Release OSSN 6.3 LTS · opensource-socialnetwork/opensource-socialnetwork

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.

OSSN - OPEN SOURCE SOCIAL NETWORK v6.3 LTS

  • [E] Allow all callables for extend view #2024

  • [E] avoiding unnecessary handling of extra space at comment start #2029

  • [B] skip friend access check if page visitor is not logged in #2037

  • [B] User can not comment on friend only, own album photo #2039

  • [B] OssnSounds missing the button for sound on/off #2032

  • [E] Make sure addUser also run isEmail validation #2022

  • [E] Multiple select (html) handler #2040

  • [B] jqueryui-datepicker fails on Google translated pages #2036

  • [B] ossn_delete_relationship recursive not working #2035

  • [E] add a new function ossn_get_relation_by_id() #2034

  • [B] UI add friend success text goes wrong position #2027

  • [E] update version and pre-requisite OssnEmbed #2045

  • [B] fixed unallowed inside paragraph again #2044

  • [E] load css for video in #2043

  • [E] make video visible in #2042

  • [E] Add provided by giphy footer or banner #2049

  • [E] Correction of term ‘miinutos’ to ‘minutos’ #2048

  • [E] CLI + cron library and documentation on community #2050

  • [B] fixed calling unavailable/mistyped function #2051

  • [E] OssnMail ‘email’, ‘send:policy’ 3rd parameter #2052

  • [E] optimized getMyGroups() #2071

  • [E] optimized OssnGroup::isMember() #2070

  • [E] optimized OssnGroup::getMembersRequests() #2069

  • [E] optimized group join-requests counter #2067

  • [E] PHP8 prevent bool->guid warnings #2058

  • [B] fixed missing error handler for not existing subpages #2055

  • [E] Add confirmation before deleting photos #2073

  • [E] Enhance group menu entries in sidebar #2072

  • [B] PHP8 If deleted comments tried to be deleted again #2057

  • [B] OssnNotification if poster and owner is same participants hook never run #2053

  • [B] Fix the like:object view menu type introduced in #1868 #2081

  • [E] Replace translation PT #2079 #2075

  • [E] Improve mod_rewrite CURL functionality #2078

  • [B] fixed use of undefined variable $object #2084

  • [E] Some small locale fixes. #2087

  • [B] PHP Warning: preg_match(): Compilation failed (#2018). #2086

  • [B] fix creating incomplete wall entities if addPhoto() fails #2088

  • [B] prevent warning if $fields is false #2137 #2136 #2135

  • [E] Update PHP version to minimum 8 #2061

  • [B] Comment Static photo should have only filename no fullpath #2090

  • [B] No notification to participants if someone comments on profile photo, cover, album photo #2054

  • [E] Removal of old upgrade scripts #2085

  • [E] Enhance OssnFile and Include CDN option #2089

  • [E] fixed different ‘readonly’ colors #2134

  • [B] missing check if member has a cover image #2093

  • [E] some installation warnings #2018

  • [E] don’t list unvalidated members #2144

  • [B] Multiple clicks on same action add member multiple times in group #2147

  • [B] col-xs not anymore with BS5 #2017

  • [E] Remove php5 apache config and update post and upload sizes #2033

  • [E] Stop rewriting .htaccess every time page loads during installation #2091

  • [B] Deleting a group should remove group:joinrequest records #2066

  • [E] Enable linkifying of Entity comments #2080

  • [B] wrong class extending in all input plugins #2146

  • [E] Ossn::File MaxSize() add UploadMaxSize #2148

  • [B] getting orphan notification records of type comments:post:group:wall #2060

  • [E] isModerator (for groups) in comments section also. #2025

  • [E] Added OssnJWT class based on firebase/JWT

  • [E] Updated cacert.pem

  • [E] Updated PHP MAILER to 6.6.0

  • [B] Pagination not responsive #2150

  • [E] Show components in admin panel in ASC order of their installation #2155

  • [E] Component delete confirmation if wanted to keep settings. #2152

  • [T] OssnUser::getFriends() #2149

  • [B] btn-sm have no effect #2153

  • [B] missing checkbox-block span style #2145

  • [B] Non logged in visitor can view private posts #2158

  • [B] OssnChat default value showing 0 in class #2163

  • [E] Request for new user image classes defining the shape only #2143

  • [B] Post background not breaking if str > 125 chars #2164

  • [B] deleting profile photo gives error on iconURL() #2166

  • [B] deleting profile cover gives error on coverURL() #2166

Special thanks to Michael Zülsdorff (aka Zetman) (https://www.opensource-socialnetwork.org/u/zetman) for testing, bug reporting and fixing.
