Home > Vulnerability Database > CVE-2025-55288

Mend.io Vulnerability Database

CVE-2025-55288

Good to know:

Date: August 18, 2025

Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.

Severity Score

5.5

Related Resources (4)

Url: https://github.com/MGeurts/genealogy/commit/1683b3cbea5e52c99291fa231b7bc8c33f33c33f

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55288

Url: https://github.com/MGeurts/genealogy/security/advisories/GHSA-3h8x-g9xj-rhwg

Url: https://www.mend.io/vulnerability-database/CVE-2025-55288

Severity Score

5.5

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version https://github.com/MGeurts/genealogy.git - v4.4.0

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55288

Good to know:

Date: August 18, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?