CNNVD-202508-2035 Information

CNNVD ID

CNNVD-202508-2035

Related CVE

CVE-2025-55287

• CNNVD Published: 2025-08-18

Description (Chinese)

Genealogy是KREAWEB.be个人开发者的一个的家谱PHP应用程序。 Genealogy 4.4.0之前版本存在跨站脚本漏洞，该漏洞源于存储型跨站脚本漏洞，可能导致会话劫持和数据窃取。

Description (English)

Genealogy is a PHP application of the KREAWEB.be personal developer. Prior to Geneaology 4.4.0, there was a cross-site script loophole, which originated in a storage-type cross-site script loophole that could lead to session hijacking and data theft.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2025-08-18

Last Modified

2026-02-24

References

https://github.com/MGeurts/genealogy/commit/1683b3cbea5e52c99291fa231b7bc8c33f33c33f https://github.com/MGeurts/genealogy/security/advisories/GHSA-j457-9m86-6q5r https://nvd.nist.gov/vuln/detail/CVE-2025-55287

Patch

https://github.com/MGeurts/genealogy/releases