Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution in the context of users browsers. This flaw could lead to session hijacking, cookie theft, and other malicious actions.
References
Link | Resource |
---|---|
http://alpes.com | Broken Link |
http://ard.com | Broken Link |
https://github.com/0xZeroSec/CVE-2025-55888 | Exploit |
https://services.ard.fr/?eID=tx_afereload_ajax_transactionmanager | Product |
Configurations
History
14 Oct 2025, 19:51
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ard:gec_en_ligne:-:*:*:*:*:*:*:* | |
First Time |
Ard gec En Ligne
Ard |
|
References | () http://alpes.com - Broken Link | |
References | () http://ard.com - Broken Link | |
References | () https://github.com/0xZeroSec/CVE-2025-55888 - Exploit | |
References | () https://services.ard.fr/?eID=tx_afereload_ajax_transactionmanager - Product |
22 Sep 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-09-22 18:15
Updated : 2025-10-14 19:51
NVD link : CVE-2025-55888
Mitre link : CVE-2025-55888
CVE.ORG link : CVE-2025-55888
JSON object : View
Products Affected
ard
- gec_en_ligne
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')