Open Social

open_social

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-48921 1Getopensocial 1Open Social Jul 9, 2025 Jun 26, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13.
CVE-2025-31686 1Getopensocial 1Open Social Aug 25, 2025 Mar 31, 2025 N/A· v4 8.1 HIGH· v3 N/A· v2 Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.
CVE-2025-31685 1Getopensocial 1Open Social Aug 25, 2025 Mar 31, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 0.0.0 before 12.3.11, from 12.4.0 before 12.4.10.
CVE-2024-13312 1Getopensocial 1Open Social Aug 25, 2025 Jan 9, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9.
CVE-2024-13274 1Getopensocial 1Open Social Aug 25, 2025 Jan 9, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5.
CVE-2024-13273 1Getopensocial 1Open Social Aug 28, 2025 Jan 9, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11.Show less
CVE-2024-13241 1Getopensocial 1Open Social Jun 4, 2025 Jan 9, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5.
CVE-2024-13240 1Getopensocial 1Open Social Jun 4, 2025 Jan 9, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05.