Vulnerability Description
Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper sanitization or output encoding. This allows an attacker to inject malicious JavaScript code that will execute in visitor browsers.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://cyber-ducky.com/xss-found-in-asian-arts-talent-foundation-2/
- https://github.com/AATF/aatf.us
- https://hub.docker.com/r/aatf/aatf.us
FAQ
What is CVE-2025-55473?
CVE-2025-55473 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). The vulnerability exists in the /ip.php endpoint, which processes and d...
How severe is CVE-2025-55473?
CVE-2025-55473 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-55473?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.