216.73.217.64

CVE-2025-55288

· Published 18/08/2025 17:15 · Modified 18/08/2025 20:16

Labels: CVE-2025-55288 2025-08-18CVE-2025-55288CWE-79[email protected]

Essential information

Published
18/08/2025 17:15
Modified
18/08/2025 20:16
Author
Creator
CVSS
5.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CVSS metrics

Description

Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
genealogy / genealogy cpe:2.3:a:genealogy:genealogy:*:*:*:*:*:*:*:*

References