9 matches found
CVE-2025-55288
Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting XSS vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and U...
CVE-2025-55288
CVE-2025-55288 affects Genealogy (a PHP-based family tree application). The vulnerability is an authenticated reflected XSS in versions prior to 4.4.0, enabling an attacker with valid credentials to execute arbitrary JavaScript in another user’s session, potentially causing session hijacking, dat...
WordPress Genealogical Tree – WordPress Family Tree Plugin <= 2.2.0.8 is vulnerable to Cross Site Scripting (XSS)
Software Genealogical Tree – WordPress Family Tree Type Plugin Vulnerable versions = 2.2.0.8 Fixed in 2.2.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3035976be303 Credits Rafi...
WordPress Genealogical Tree – WordPress Family Tree plugin <= 2.1.4 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Genealogical Tree – WordPress Family Tree plugin versions = 2.1.4. Solution Update the WordPress Genealogical Tree – WordPress Family Tree plugin to the latest available version at least 2.1.5...
Cross-site Scripting (XSS) - Stored in fisharebest/webtrees
✍️ Description A malicious actor is able to add a malicious payload as a Family Tree Title, and after click the Family Tree nav button from the My Pages Menu, the XSS payload is executed. 🕵️♂️ Proof of Concept 1;Create a new family tree, either when logging in after install for the first time, or...
Leak Exposes Private Data of Genealogy Service Users
A server containing information of users of a genealogy service has exposed the data of 60,000 users, putting them at risk for fraud, phishing and other cybercriminal activity. Research led by Avishai Efrat at WizCase has discovered the leak, which affected an open and unencrypted ElasticSearch...
kingstree.familytreeguide.com XSS vulnerability
Open Bug Bounty ID: OBB-560183 Description| Value ---|--- Affected Website:| kingstree.familytreeguide.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
horton-family-tree.com XSS vulnerability
Open Bug Bounty ID: OBB-537432 Description| Value ---|--- Affected Website:| horton-family-tree.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
MyHeritage - Family Tree - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application MyHeritage - Family Tree published at the 'play' market has multiple vulnerabilities...