CVE-2025-55888 PoC — ARD GEC en Ligne 安全漏洞

Source

https://github.com/0xZeroSec/CVE-2025-55888

Associated Vulnerability

Title:ARD GEC en Ligne 安全漏洞 (CVE-2025-55888)
Description:ARD GEC en Ligne是法国ARD公司的一个线上服务门户网站。 ARD GEC en Ligne存在安全漏洞，该漏洞源于Ajax事务管理器端点未对accountName字段进行适当清理或编码，可能导致跨站脚本攻击。

Readme

# CVE-2025-55888
### Description
Cross-Site Scripting (XSS) vulnerability was discovered in the Ajax
transaction manager endpoint of ARD. An attacker can intercept the Ajax
response and inject malicious JavaScript into the accountName field.
This input is not properly sanitized or encoded when rendered, allowing
script execution in the context of users browsers. This flaw could lead
to session hijacking, cookie theft, and other malicious actions.

### Proof Of Concept
**Payload Injection**
![Screenshot of exploit](assets/exploit.png)

**Screenshot of vulnerability**
![Screenshot of vulnerability](assets/poc.png)

### Reseachers
- [tryon-dev](https://github.com/tryon-dev)

File Snapshot


 [4.0K]  /data/pocs/e8c25fc2fd4cd4d7cc6ea4cc639483517f18fff6
├── [4.0K]  assets
│   ├── [ 40K]  exploit.png
│   └── [ 28K]  poc.png
└── [ 679]  README.md

1 directory, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!