Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper sanitization or output encoding. This allows an attacker to inject malicious JavaScript code that will execute in visitor browsers.
Metrics
Affected Vendors & Products
References
History
Tue, 02 Sep 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Tue, 02 Sep 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper sanitization or output encoding. This allows an attacker to inject malicious JavaScript code that will execute in visitor browsers. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-02T19:50:31.715Z
Reserved: 2025-08-13T00:00:00.000Z
Link: CVE-2025-55473

Updated: 2025-09-02T19:50:27.387Z

Status : Received
Published: 2025-09-02T17:15:36.100
Modified: 2025-09-02T20:15:35.513
Link: CVE-2025-55473

No data.

No data.