Description

Genealogy is a family tree PHP application. Prior to 4.4.0, an authenticated reflected cross-site scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.

PUBLISHED Reserved 2025-08-12 | Published 2025-08-18 | Updated 2025-08-18 | Assigner GitHub_M




MEDIUM: 5.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

< 4.4.0: affected

References

github.com/...ealogy/security/advisories/GHSA-3h8x-g9xj-rhwg

github.com/...ommit/1683b3cbea5e52c99291fa231b7bc8c33f33c33f

cve.org (CVE-2025-55288)

nvd.nist.gov (CVE-2025-55288)