PT-2025-35583 · Asian Arts Talents Foundation · Aatf Website, Aatf Docker
Credits: Cyberducky (+1)
Published 2025-09-02 · Updated 2025-09-02 · CVE-2025-55473 · CVSS v3.1 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Asian Arts Talents Foundation (AATF) Website versions 5.1.x
Asian Arts Talents Foundation (AATF) Docker version 2024.12.8.1
Description
The Asian Arts Talents Foundation (AATF) Website and Docker image are vulnerable to reflected Cross-Site Scripting (XSS). The /ip.php API endpoint reads the X-Forwarded-For HTTP header and writes its value into the response without validating it or HTML-encoding it, so an attacker whose header value reaches the endpoint can have arbitrary JavaScript executed in a visitor's browser in the context of the site.

Practitioner's note (general to header-reflected XSS, not stated in the advisory): a browser does not let a third-party page set X-Forwarded-For on a request it triggers, so exploitation depends on a route by which an attacker-controlled header reaches the application, typically an intermediary that passes client-supplied X-Forwarded-For values through unchanged, or a cache that stores the reflected response. When verifying a fix, send the header with a harmless marker string and confirm it comes back either rejected or HTML-encoded, never verbatim.
Recommendations
Asian Arts Talents Foundation (AATF) Website version 5.1.x and Docker version 2024.12.8.1: Treat every HTTP header as untrusted input. Validate X-Forwarded-For as a comma-separated list of IP address literals and reject anything else; honour it only when the request arrives from a known reverse proxy, since a directly connected client can set it to any value. HTML-encode any header-derived value before writing it into a page, whether or not it passed validation.
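The following is an added example, not code from the AATF project or from the advisory. It shows a hypothetical ip.php in the vulnerable shape the description implies (the header reflected straight into HTML) beside a hardened form that validates X-Forwarded-For as an IP literal, trusts it only when the TCP peer is a known reverse proxy, and HTML-encodes the output. The function names, the proxy addresses in TRUSTED_PROXIES, the single-proxy-hop assumption and the constructed request are all assumptions for illustration.

```php
<?php
// Added example, not AATF code. Hypothetical ip.php: vulnerable pattern and hardened form.

// --- VULNERABLE PATTERN (illustrative only) ---
// Reflects whatever the request carried in X-Forwarded-For straight into HTML,
// so markup such as <script>...</script> is written to the page verbatim.
function vulnerable_ip_page(array $server): string
{
    $ip = $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'] ?? '';
    return "<p>Your IP: $ip</p>";
}

// --- HARDENED FORM ---

// Only reverse proxies at these addresses may assert a client IP on our behalf.
// Assumed values for the example; use your real proxy / load-balancer addresses.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

/**
 * Returns the client IP as a validated IPv4/IPv6 literal, or null if nothing
 * trustworthy is available. X-Forwarded-For is consulted only when the TCP
 * peer is a trusted proxy; otherwise the header is attacker-controlled.
 */
function client_ip(array $server): ?string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    if (!in_array($remote, TRUSTED_PROXIES, true)) {
        // Direct connection: ignore the header entirely.
        return $remote;
    }
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '') {
        return $remote;
    }
    // One proxy hop assumed: the trusted proxy appended the real client as the
    // LAST entry. Earlier entries were supplied by the client and are untrusted.
    $parts = array_map('trim', explode(',', $xff));
    $candidate = end($parts);
    // FILTER_VALIDATE_IP rejects anything that is not an IP literal, including
    // tags, quotes and other markup.
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : null;
}

function hardened_ip_page(array $server): string
{
    $ip = client_ip($server) ?? 'unknown';
    // Defence in depth: even a validated value is HTML-encoded before output.
    $safe = htmlspecialchars($ip, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<p>Your IP: {$safe}</p>";
}

// Constructed request (not captured traffic): a directly connected client
// smuggling markup in X-Forwarded-For.
$request = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '<img src=x onerror=alert(1)>',
];

header('Content-Type: text/html; charset=UTF-8');
// The vulnerable page echoes the markup unchanged; the hardened page ignores the
// header (peer is not a trusted proxy) and reports 203.0.113.7.
echo vulnerable_ip_page($request), "\n";
echo hardened_ip_page($request), "\n";
```

Two points the hardened form relies on: validation alone is not enough if the validated value is later interpolated into a different context (a JSON body, an attribute, a log viewer), so output encoding stays in place regardless; and the trusted-proxy check matters because without it any client can set X-Forwarded-For, which is exactly the input path the advisory describes.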
XSS
Affected Products
Aatf Docker
Aatf Website