Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.
History

Wed, 03 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Kreaweb
Kreaweb genealogy
CPEs cpe:2.3:a:kreaweb:genealogy:*:*:*:*:*:*:*:*
Vendors & Products Kreaweb
Kreaweb genealogy

Mon, 18 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 18 Aug 2025 17:15:00 +0000

Type Values Removed Values Added
Description Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.
Title Genealogy has a Reflected XSS Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-08-18T19:55:42.028Z

Reserved: 2025-08-12T16:15:30.237Z

Link: CVE-2025-55288

cve-icon Vulnrichment

Updated: 2025-08-18T19:55:26.150Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-18T17:15:31.067

Modified: 2025-09-03T16:11:31.837

Link: CVE-2025-55288

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.