CVE-2025-54348

{"id": "CVE-2025-54348", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.3}]}, "published": "2025-11-14T18:15:49.063", "references": [{"url": "https://desktopalert.net", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://desktopalert.net/cve-2025-54348/", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-80"}]}], "descriptions": [{"lang": "en", "value": "A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user\u2019s browser, capturing sensitive information."}], "lastModified": "2025-11-20T14:54:53.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:desktopalert:pingalert_application_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CE54623-DECB-4213-B299-40AAE561D3E2", "versionEndExcluding": "6.1.1.4", "versionStartIncluding": "6.1.0.11"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}