CNNVD-202508-2036 Information

CNNVD ID

CNNVD-202508-2036

Related CVE

CVE-2025-55288

• CNNVD Published: 2025-08-18

Description (Chinese)

Genealogy是KREAWEB.be个人开发者的一个的家谱PHP应用程序。 Genealogy 4.4.0之前版本存在跨站脚本漏洞，该漏洞源于反射型跨站脚本漏洞，可能导致会话劫持和数据窃取。

Description (English)

Genealogy is a PHP application of the KREAWEB.be personal developer. There was a cross-site script loophole in the pre-Geneaology 4.4.0, which originated in a reflector-type cross-site script loophole that could lead to session hijacking and data theft.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2025-08-18

Last Modified

2026-02-24

References

https://github.com/MGeurts/genealogy/commit/1683b3cbea5e52c99291fa231b7bc8c33f33c33f https://github.com/MGeurts/genealogy/security/advisories/GHSA-3h8x-g9xj-rhwg https://nvd.nist.gov/vuln/detail/CVE-2025-55288

Patch

https://github.com/MGeurts/genealogy/releases