PT-2025-38758 · Ard · Ard

Published 2025-09-22 · Updated 2025-09-22 · CVE-2025-55888

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

ARD (affected versions not specified)

Description

A Cross-Site Scripting (XSS) issue exists in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. The input is not properly sanitized or encoded when rendered, enabling script execution within the user's browser. This could result in session hijacking and cookie theft. The API endpoint involved is '/Ajax transaction manager'.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-55888

Affected Products

Ard