CVE-2025-55287

EUVD-2025-25150
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
GitHub_MCNA
8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
kreawebgenealogy
𝑥
< 4.4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/MGeurts/genealogy/commit/1683b3cbea5e52c99291fa231b7bc8c33f33c33f
https://github.com/MGeurts/genealogy/security/advisories/GHSA-j457-9m86-6q5r