CVE-2025-55887

Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that is executed in the context of a user s browser. This can lead to session hijacking, theft of cookies, and other malicious actions performed on behalf of the victim.
References
Link Resource
http://alpes.com Broken Link
http://ard.com Broken Link
https://github.com/0xZeroSec/CVE-2025-55887 Exploit Third Party Advisory
https://services.ard.fr/index.php Product
https://github.com/0xZeroSec/CVE-2025-55887 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ard:gec_en_ligne:-:*:*:*:*:*:*:*

History

14 Oct 2025, 19:51

Type Values Removed Values Added
References () http://alpes.com - () http://alpes.com - Broken Link
References () http://ard.com - () http://ard.com - Broken Link
References () https://github.com/0xZeroSec/CVE-2025-55887 - () https://github.com/0xZeroSec/CVE-2025-55887 - Exploit, Third Party Advisory
References () https://services.ard.fr/index.php - () https://services.ard.fr/index.php - Product
First Time Ard gec En Ligne
Ard
CPE cpe:2.3:a:ard:gec_en_ligne:-:*:*:*:*:*:*:*

24 Sep 2025, 20:15

Type Values Removed Values Added
References () https://github.com/0xZeroSec/CVE-2025-55887 - () https://github.com/0xZeroSec/CVE-2025-55887 -
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79

22 Sep 2025, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-09-22 19:15

Updated : 2025-10-14 19:51


NVD link : CVE-2025-55887

Mitre link : CVE-2025-55887

CVE.ORG link : CVE-2025-55887


JSON object : View

Products Affected

ard

  • gec_en_ligne
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')