CVE-2025-55887

Name of the Vulnerable Software and Affected Versions ARD (affected versions not specified)

Description A Cross-Site Scripting (XSS) issue exists in the meal reservation service. The vulnerability is located in the transactionID GET parameter on the transaction confirmation page. Insufficient input validation and output encoding allow an attacker to inject malicious JavaScript code, potentially leading to session hijacking and cookie theft. The code executes within the user's browser, enabling malicious actions performed on behalf of the victim.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.