Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that is executed in the context of a user s browser. This can lead to session hijacking, theft of cookies, and other malicious actions performed on behalf of the victim.
References
Link | Resource |
---|---|
http://alpes.com | Broken Link |
http://ard.com | Broken Link |
https://github.com/0xZeroSec/CVE-2025-55887 | Exploit Third Party Advisory |
https://services.ard.fr/index.php | Product |
https://github.com/0xZeroSec/CVE-2025-55887 | Exploit Third Party Advisory |
Configurations
History
14 Oct 2025, 19:51
Type | Values Removed | Values Added |
---|---|---|
References | () http://alpes.com - Broken Link | |
References | () http://ard.com - Broken Link | |
References | () https://github.com/0xZeroSec/CVE-2025-55887 - Exploit, Third Party Advisory | |
References | () https://services.ard.fr/index.php - Product | |
First Time |
Ard gec En Ligne
Ard |
|
CPE | cpe:2.3:a:ard:gec_en_ligne:-:*:*:*:*:*:*:* |
24 Sep 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/0xZeroSec/CVE-2025-55887 - | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CWE | CWE-79 |
22 Sep 2025, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-09-22 19:15
Updated : 2025-10-14 19:51
NVD link : CVE-2025-55887
Mitre link : CVE-2025-55887
CVE.ORG link : CVE-2025-55887
JSON object : View
Products Affected
ard
- gec_en_ligne
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')