CVE-2025-54348

Published: Nov 14, 2025Modified: Nov 20, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Exploitability: 2.3 / Impact: 3.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information.

Affected (1)

Products: Desktopalert: Pingalert Application Server

Desktopalert

1 product

Pingalert Application Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Desktopalert Pingalert Application Server	From 6.1.0.11 to 6.1.1.4

Related CWEs

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

References (2)

https://desktopalert.net

Source: cve@mitre.org

Product

https://desktopalert.net/cve-2025-54348/

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.