References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

OR
          *cpe:2.3:a:ard:gec_en_ligne:-:*:*:*:*:*:*:*

CISA-ADP: https://github.com/0xZeroSec/CVE-2025-55887 Types: Exploit, Third Party Advisory

MITRE: http://alpes.com Types: Broken Link

MITRE: http://ard.com Types: Broken Link

MITRE: https://github.com/0xZeroSec/CVE-2025-55887 Types: Exploit, Third Party Advisory

MITRE: https://services.ard.fr/index.php Types: Product

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79

https://github.com/0xZeroSec/CVE-2025-55887

Cross-Site Scripting (XSS) vulnerability was discovered in the meal reservation service ARD. The vulnerability exists in the transactionID GET parameter on the transaction confirmation page. Due to improper input validation and output encoding, an attacker can inject malicious JavaScript code that is executed in the context of a user s browser. This can lead to session hijacking, theft of cookies, and other malicious actions performed on behalf of the victim.

http://alpes.com

http://ard.com

https://github.com/0xZeroSec/CVE-2025-55887

https://services.ard.fr/index.php