CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-55888

Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution in the context of users browsers. This flaw could lead to session hijacking, cookie theft, and other malicious actions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.9%

CVSS Severity

CVSS v3 Score 7.3

References

http://alpes.com
http://ard.com
https://github.com/0xZeroSec/CVE-2025-55888
https://services.ard.fr/?eID=tx_afereload_ajax_transactionmanager

Products affected by CVE-2025-55888

Ard » Gec En Ligne » Version: N/A

cpe:2.3:a:ard:gec_en_ligne:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-55888

Products

Pricing

Contact Us