Medium severity6.1NVD Advisory· Published Sep 2, 2025· Updated Apr 15, 2026

CVE-2025-55473

Description

Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). The vulnerability exists in the /ip.php endpoint, which processes and displays the X-Forwarded-For HTTP header without proper sanitization or output encoding. This allows an attacker to inject malicious JavaScript code that will execute in visitor browsers.

Affected products

AATF/Aatf.usreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cyber-ducky.com/xss-found-in-asian-arts-talent-foundation-2/nvd
hub.docker.com/r/aatf/aatf.usnvd

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000