CVE-2025-55288
📋 TL;DR
This vulnerability allows authenticated attackers to inject malicious JavaScript into the Genealogy family tree application, which executes in other users' browsers. Attackers can hijack sessions, steal sensitive data, or manipulate the user interface. Only authenticated users can exploit this vulnerability.
💻 Affected Systems
- Genealogy family tree application
📦 What is this software?
Genealogy by Kreaweb
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover through session hijacking, theft of all user data including personal family information, and persistent UI manipulation affecting all users.
Likely Case
Targeted session hijacking of specific users, theft of sensitive family data, and limited UI manipulation for phishing or defacement.
If Mitigated
Limited impact due to proper input validation and output encoding, potentially only affecting non-sensitive data display.
🎯 Exploit Status
Requires an authenticated account on the target instance and knowledge of the vulnerable endpoints. If the injection point is reflected rather than stored, the attacker must also get a victim to follow a crafted link; a stored payload fires whenever another user views the affected record.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.4.0
Vendor Advisory: https://github.com/MGeurts/genealogy/security/advisories/GHSA-3h8x-g9xj-rhwg
Restart Required: No
Instructions:
1. Back up the current installation and database.
2. Download version 4.4.0 from the official repository.
3. Replace the existing files with the new version.
4. Verify functionality and test for any breaking changes.
🔧 Temporary Workarounds
Input Validation and Output Encoding
Implement server-side input validation and proper output encoding for all user-controlled parameters
Content Security Policy
Implement a strict Content Security Policy header to limit script execution, e.g. `Header set Content-Security-Policy "default-src 'self'; script-src 'self'"` in Apache .htaccess or the equivalent for your web server. Note that `script-src 'self'` blocks inline scripts and event handlers, which also means any inline JavaScript the application itself relies on will stop working; deploy it as `Content-Security-Policy-Report-Only` first and review the violation reports before enforcing.
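The two workarounds above describe output encoding in the abstract. The following added example (written for this page, not code from the Genealogy project) shows the difference between interpolating a user-controlled field straight into HTML and encoding it at output time, plus the check used in "How to Verify": does the raw payload survive into the response? The record fields and payload are constructed for illustration and are not the application's real schema.

```python
import html
from typing import Dict

# Constructed sample record: a family-member entry whose "notes" field is
# attacker-controlled. The field names are hypothetical, not the app's schema.
RECORD: Dict[str, str] = {
    "name": "Jane Doe",
    "notes": '<img src=x onerror="alert(document.cookie)">',
}


def render_vulnerable(record: Dict[str, str]) -> str:
    """Interpolates user input directly into HTML: the onerror handler runs
    in the browser of whoever views this record."""
    return f'<h1>{record["name"]}</h1><p class="notes">{record["notes"]}</p>'


def render_hardened(record: Dict[str, str]) -> str:
    """Encodes every user-controlled value for the HTML context at output
    time. quote=True also neutralises double/single quotes, so the same
    helper is safe inside quoted attribute values."""
    def e(value: str) -> str:
        return html.escape(value, quote=True)

    return f'<h1>{e(record["name"])}</h1><p class="notes">{e(record["notes"])}</p>'


def payload_survives(payload: str, body: str) -> bool:
    """True if the raw payload appears unencoded in the response body.
    This is the 'submit a payload, look for it in the page' check from the
    verification section; a hardened page contains only the escaped form."""
    return payload in body


if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        body = renderer(RECORD)
        print(f"{name}: payload survives = {payload_survives(RECORD['notes'], body)}")
        print("  ", body)
```

Encoding belongs at the point of output, not at input: the same family note may later be rendered into an attribute, a URL or a JavaScript string, each of which needs a different encoder, so validating on the way in is a defence-in-depth layer rather than the fix.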
🧯 If You Can't Patch
- Implement Web Application Firewall (WAF) rules to detect and block XSS payloads
- Restrict user permissions and implement principle of least privilege for authenticated users
🔍 How to Verify
Check if Vulnerable:
Check if version is below 4.4.0 by examining application files or admin panel. Test for XSS by submitting script payloads in user-controlled parameters.
Check Version:
Check the version shown in the admin panel, or the application's version file (e.g. includes/version.php, if present), and compare it with the 4.4.0 release in the vendor's GitHub repository linked in the advisory above.
Verify Fix Applied:
Verify version is 4.4.0 or higher. Test same XSS payloads that previously worked to confirm they are now properly sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusually long parameter values in request URLs or form bodies
- Requests whose parameters contain script tags, event-handler attributes (onerror=, onload=), javascript: URLs or similar JavaScript fragments, after URL-decoding (payloads are often double-encoded to slip past naive matching)
- A burst of failed logins followed by a successful authentication, correlated with the request indicators above (exploitation needs a valid account, so a compromised or brute-forced login is the likely entry point; on its own this is not an XSS indicator)
Network Indicators:
- HTTP requests with suspicious parameters containing script tags or JavaScript functions
- Victim browsers connecting to unfamiliar external domains after loading the application (session-hijacking payloads typically exfiltrate cookies or tokens to an attacker-controlled host); a CSP report-uri/report-to endpoint surfaces these. Outbound connections from the application server itself are not a direct indicator, since XSS executes in the client, not on the server.
SIEM Query:
web.url:*script* OR web.param:*javascript* OR web.param:*alert(*
(Run this against URL-decoded fields and expect false positives: a wildcard match on `script` also hits benign paths such as /transcripts. Tune with the user and source-IP fields and with the request rate before alerting on it.)
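As a worked version of the log indicators above, here is an added example (written for this page, not a tool from the project or vendor) that parses Apache combined-format access lines, URL-decodes each query parameter repeatedly so double-encoded payloads are seen in the clear, and flags the XSS patterns and over-long values described in the detection section. The log lines are constructed samples, and the usernames, paths and thresholds are illustrative.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed Apache combined-log lines; not from a real Genealogy deployment.
SAMPLE_LOG = """\
10.0.0.5 - alice [12/Sep/2025:10:01:02 +0000] "GET /people/12/edit HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - mallory [12/Sep/2025:10:02:10 +0000] "GET /people?search=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E HTTP/1.1" 200 3200 "-" "Mozilla/5.0"
10.0.0.9 - mallory [12/Sep/2025:10:02:31 +0000] "GET /people?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert%25281%2529%253E HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
10.0.0.7 - bob [12/Sep/2025:10:03:00 +0000] "GET /transcripts?name=Jones HTTP/1.1" 200 2800 "-" "Mozilla/5.0"
10.0.0.7 - bob [12/Sep/2025:10:03:40 +0000] "GET /people?notes=javascript:void(0) HTTP/1.1" 200 2900 "-" "Mozilla/5.0"
"""

# Apache combined format: ip ident user [timestamp] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)'
)

# Tag openers, javascript: URLs, on*= event handlers and alert( calls.
XSS_RE = re.compile(
    r'<\s*(script|img|svg|iframe)\b|javascript\s*:|\bon[a-z]+\s*=|alert\s*\(',
    re.IGNORECASE,
)
MAX_PARAM_LEN = 200  # illustrative threshold for "unusually long" values


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so that
    %253Cscript%253E is inspected as <script>, not as harmless text."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line: str):
    """Return a finding dict for a suspicious request, or None.
    Only query parameters are inspected, so a path like /transcripts
    does not trip the 'script' pattern the way a raw *script* wildcard would."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    hits = []
    # parse_qsl decodes once; fully_decode handles the remaining layers.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = fully_decode(raw)
        if XSS_RE.search(value):
            hits.append(f"{name}: xss-pattern")
        elif len(value) > MAX_PARAM_LEN:
            hits.append(f"{name}: long-value")
    if not hits:
        return None
    return {"ip": m.group("ip"), "user": m.group("user"), "path": parts.path, "hits": hits}


def scan_log(text: str):
    """Apply scan_line to every line and keep the findings."""
    return [r for r in (scan_line(l) for l in text.splitlines()) if r]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The event-handler pattern (`\bon[a-z]+\s*=`) will still match legitimate values such as `online=true`, so treat single hits as enrichment for the per-user and per-IP correlation the section recommends rather than as a standalone alert.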