CVE-2025-55887

MEDIUM

ARD - XSS

Title source: llm

Description

A Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that is executed in the context of a user's browser. This can lead to session hijacking, theft of cookies, and other malicious actions performed on behalf of the victim.

Exploits (1)

nomisec WORKING POC 3 stars
by 0xZeroSec · poc
https://github.com/0xZeroSec/CVE-2025-55887

Scores

CVSS v3 6.1
EPSS 0.0005
EPSS Percentile 16.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
ard/gec_en_ligne
Published Sep 22, 2025
Tracked Since Feb 18, 2026