Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.
History

Wed, 03 Sep 2025 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Kreaweb
Kreaweb genealogy
CPEs cpe:2.3:a:kreaweb:genealogy:*:*:*:*:*:*:*:*
Vendors & Products Kreaweb
Kreaweb genealogy
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}


Mon, 18 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 18 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
Description Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.
Title Genealogy has a stored XSS vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_0

{'score': 8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-08-18T19:54:08.186Z

Reserved: 2025-08-12T16:15:30.237Z

Link: CVE-2025-55287

cve-icon Vulnrichment

Updated: 2025-08-18T19:54:04.036Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-18T17:15:30.887

Modified: 2025-09-03T15:57:46.060

Link: CVE-2025-55287

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.