Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that is executed in the context of a user s browser. This can lead to session hijacking, theft of cookies, and other malicious actions performed on behalf of the victim.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 22 Sep 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that is executed in the context of a user s browser. This can lead to session hijacking, theft of cookies, and other malicious actions performed on behalf of the victim. | |
References |
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-09-22T18:53:15.837Z
Reserved: 2025-08-16T00:00:00.000Z
Link: CVE-2025-55887

No data.

Status : Awaiting Analysis
Published: 2025-09-22T19:15:44.750
Modified: 2025-09-22T21:22:33.590
Link: CVE-2025-55887

No data.

No data.