POC详情: e8c25fc2fd4cd4d7cc6ea4cc639483517f18fff6

来源
https://github.com/0xZeroSec/CVE-2025-55888
关联漏洞
标题: ARD GEC en Ligne 安全漏洞 (CVE-2025-55888)
描述:ARD GEC en Ligne是法国ARD公司的一个线上服务门户网站。 ARD GEC en Ligne存在安全漏洞,该漏洞源于Ajax事务管理器端点未对accountName字段进行适当清理或编码,可能导致跨站脚本攻击。
介绍
# CVE-2025-55888
### Description
Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax
transaction manager endpoint of ARD. An attacker can intercept the Ajax
response and inject malicious JavaScript into the accountName field.
This input is not properly sanitized or encoded when rendered, allowing
script execution in the context of users browsers. This flaw could lead
to session hijacking, cookie theft, and other malicious actions.

### Proof Of Concept
**Payload Injection**
![Screenshot of exploit](assets/exploit.png)

**Screenshot of vulnerability**
![Screenshot of vulnerability](assets/poc.png)

### Reseachers
- [tryon-dev](https://github.com/tryon-dev)
文件快照

 [4.0K]  /data/pocs/e8c25fc2fd4cd4d7cc6ea4cc639483517f18fff6
├── [4.0K]  assets
│   ├── [ 40K]  exploit.png
│   └── [ 28K]  poc.png
└── [ 679]  README.md

1 directory, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。