CVE-2025-55887 PoC — ARD GEC en Ligne 安全漏洞

Source

https://github.com/0xZeroSec/CVE-2025-55887

Associated Vulnerability

Title:ARD GEC en Ligne 安全漏洞 (CVE-2025-55887)
Description:ARD GEC en Ligne是法国ARD公司的一个线上服务门户网站。 ARD GEC en Ligne存在安全漏洞，该漏洞源于对transactionID参数输入验证和输出编码不足，可能导致跨站脚本攻击。

Readme

# CVE-2025-55887
### Description
Cross-Site Scripting (XSS) vulnerability was discovered in the meal
reservation service ARD. The vulnerability exists in the transactionID
GET parameter on the transaction confirmation page. Due to improper
input validation and output encoding, an attacker can inject malicious
JavaScript code that is executed in the context of a user s browser.
This can lead to session hijacking, theft of cookies, and other
malicious actions performed on behalf of the victim.

### Proof Of Concept

**Payload**
```
https://services.ard.fr/index.php?id=5869&ocid=183&token=1SemPugSUq3maSpK81871559797854161&transactionID=<script>alert(/OPENBUGBOUNTY/)</script>
```

**Screenshot of vulnerability**
![Screenshot of vulnerability](https://www.openbugbounty.org/twimages/screen-4024708.jpg)

### Reseachers
- [raphckrman](https://github.com/raphckrman)

File Snapshot


 [4.0K]  /data/pocs/fad95608b3c576e4b1aad2c279d400913cc34845
└── [ 870]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!