CVE-2025-55473

MEDIUM

Asian Arts Talents Foundation Website <5.1.x & Docker 2024.12.8.1 -...

Title source: llm
STIX 2.1

Description

Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper sanitization or output encoding. This allows an attacker to inject malicious JavaScript code that will execute in visitor browsers.

Scores

CVSS v3 6.1
EPSS 0.0030
EPSS Percentile 21.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Published Sep 02, 2025
Tracked Since Feb 18, 2026