Description
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/MGeurts/genealogy/security/advisories/GHSA-3h8x-g9xj-rhwg
Scores
CVSS v3
5.5
EPSS
0.0004
EPSS Percentile
10.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
kreaweb/genealogy
< 4.4.0
Published
Aug 18, 2025
Tracked Since
Feb 18, 2026