๐Ÿ” CVE Alert

CVE-2025-55888

HIGH 7.3
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th

Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. This input is not properly sanitized or encoded when rendered, allowing script execution in the context of users browsers. This flaw could lead to session hijacking, cookie theft, and other malicious actions.

Vendor n/a
Product n/a
Published Sep 22, 2025
Last Updated Jul 5, 2026
Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new high vulnerabilities affecting n/a n/a are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

n/a / n/a
n/a

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
ard.com: http://ard.com services.ard.fr: https://services.ard.fr/?eID=tx_afereload_ajax_transactionmanager github.com: https://github.com/0xZeroSec/CVE-2025-55888