CVE-2025-55888

Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution in the context of users browsers. This flaw could lead to session hijacking, cookie theft, and other malicious actions.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ard:gec_en_ligne:-:*:*:*:*:*:*:*

History

14 Oct 2025, 19:51

Type Values Removed Values Added
CPE cpe:2.3:a:ard:gec_en_ligne:-:*:*:*:*:*:*:*
First Time Ard gec En Ligne
Ard
References () http://alpes.com - () http://alpes.com - Broken Link
References () http://ard.com - () http://ard.com - Broken Link
References () https://github.com/0xZeroSec/CVE-2025-55888 - () https://github.com/0xZeroSec/CVE-2025-55888 - Exploit
References () https://services.ard.fr/?eID=tx_afereload_ajax_transactionmanager - () https://services.ard.fr/?eID=tx_afereload_ajax_transactionmanager - Product

22 Sep 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-09-22 18:15

Updated : 2025-10-14 19:51


NVD link : CVE-2025-55888

Mitre link : CVE-2025-55888

CVE.ORG link : CVE-2025-55888


JSON object : View

Products Affected

ard

  • gec_en_ligne
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')