CVE-2025-55287

MEDIUM

Genealogy <4.4.0 - XSS

Title source: llm

Description

Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.

Exploits (1)

nomisec WORKING POC 1 stars

by Eternalvalhalla · poc

https://github.com/Eternalvalhalla/CVE-2025-55287-POC

View Code ZIP pw:eip

References (2)

[Mitigation, Third Party Advisory] https://github.com/MGeurts/genealogy/security/advisories/GHSA-j457-9m86-6q5r

[Patch] https://github.com/MGeurts/genealogy/commit/1683b3cbea5e52c99291fa231b7bc8c33f33c33f

Scores

CVSS v3 5.4

EPSS 0.0003

EPSS Percentile 10.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

kreaweb/genealogy < 4.4.0

Published Aug 18, 2025

Tracked Since Feb 18, 2026